Re-issuing Filevault Keys

djtaylor
New Contributor II

I'm desperately trying to solve a problem and keep hitting brick walls.

I need to migrate about 300 users into the Casper JSS. They are not in DEP and will need to be enrolled by invitation.

They are all encrypted already and I'm trying to issue new recovery keys that will get stored in the JSS.

I've tried this: https://github.com/homebysix/jss-filevault-reissue

Which gets stuck in a loop after the initial screen and then says they entered their password wrong without actually prompting for the user password.

I've also tried this: https://github.com/JAMFSupport/FileVault2_Scripts/blob/master/reissueKey.sh

Which will work locally on the machine when I run it via Terminal, but when I run it as a script in Casper to the target machine nothing happens - no prompt for password etc.

Anyone managed to do this? Any ideas what's going wrong?

I'm stuck!

1 REPLY

perrycj
Contributor III

I've used the homebysix solution and it has worked in our environment. You also have to have a separate configuration profile in the JSS for re-issuing the keys back in. Even if they were encrypted previously not through JAMF, it will gather the keys and re-send them to the JSS in conjunction with the homebysix script/workflow. To re-issue the keys, it requires user interaction, which is why they do it like they do it.

You also have to make sure that if you use the homebysix workflow, the user you're running it on is a FV2 enabled user. If they are not, it will not work and you might see some behavior like you're seeing now.
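
The FV2-enabled-user condition mentioned in the reply above can be checked before any password prompt is shown. The script below is an added example, not part of the thread or of either linked script: it parses `fdesetup status` and `fdesetup list` output, and the function names, result strings and sample data are assumptions made for illustration.

```shell
#!/bin/bash
# Pre-flight check before prompting a user to reissue a FileVault recovery key.
# Function names and result strings are hypothetical (not from either linked script).

# Constructed sample of `fdesetup list` output: one "shortname,UUID" line per
# FileVault-enabled user. The UUIDs are made up.
SAMPLE_FV_LIST='alice,11111111-2222-3333-4444-555555555555
bob,66666666-7777-8888-9999-000000000000'

# Succeeds if short name $1 is listed in the `fdesetup list` output given in $2.
# Matches the whole first field, so "ali" does not match "alice".
is_fv_enabled_user() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | awk -F, -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# preflight USER STATUS LIST: prints a one-word result, returns 0 only for "ok".
preflight() {
    case "$1" in
        # No real user at the console, so nobody could answer a password prompt.
        ""|root|loginwindow|_mbsetupuser) echo "no-console-user"; return 1 ;;
    esac
    case "$2" in
        *"FileVault is On"*) ;;
        *) echo "filevault-not-on"; return 1 ;;
    esac
    if is_fv_enabled_user "$1" "$3"; then
        echo "ok"
    else
        echo "user-not-fv-enabled"
        return 1
    fi
}

if command -v fdesetup >/dev/null 2>&1; then
    # On a Mac, run as root (as a management policy does): check the live state.
    console_user=$(stat -f%Su /dev/console)
    result=$(preflight "$console_user" "$(fdesetup status)" "$(fdesetup list)") || true
else
    # Elsewhere, demonstrate against the constructed sample.
    result=$(preflight carol "FileVault is On." "$SAMPLE_FV_LIST") || true
fi
echo "preflight: $result"
```

Logging the result from the policy run shows which condition failed on a given machine when no prompt appears or the prompt is rejected.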