Remove FileVault Institutional Key - All Encrypted Macs

kirkd
New Contributor II

Hey all,
In hopes of increasing security on my Macs I would like to remove the Institutional key from both the encrypted Mac as well as in the JSS for all encrypted Macs. All Macs still have individual keys that will remain. I am aware of @rtrouton 's extensive FileVault tutorial on his awesome website. I did run the commands on a test laptop to remove the Institutional key. However, after running recon the institutional ID still reports in the JSS. Sooooooo did I actually remove the institutional key or does the JSS not update properly? Any help would be appreciated.

2 REPLIES 2

rderewianko
Valued Contributor II

I can't confirm. I'd suggest you try and see if a enterprise key works.

Another option for re-keying is: https://github.com/square/fde-rekey

bentoms
Honored Contributor III
Honored Contributor III

@kirkd we saw the same... it,s not being used &a is more of a UI issue.