Removing FileVault2 from Shared Lab Device

Gabbycockerell
New Contributor

I haven't been able to find more recent documentation on this particular situation/issue so figured I'd ask directly.

My predecessors encrypted our AD binded lab devices which created major issues with new network user sign ins. After I got these physically locked down, I put the lab computer group into the exceptions of the FV2 policy. However, I realize of course the policy was already previously pushed to the devices and there is no "undo" button. I need to decrypt for all users and if I can avoid reenrolling the device altogether, that would be great. I don't know if fdesetup has the ability to decrypt for all users without a more complex script I'm not sure how to put together (our senior analyst who managed this left before I came on and honestly, looking at some of his work, I'm not sure he knew how do this management himself lol). 

I really appreciate any help that can provided for a fresh college graduate who basically had to become the senior analyst within 6 months haha--I can provide more information if needed and I apologize any lacking knowledge.  

2 REPLIES 2

AJPinto
Honored Contributor II

The command sudo fdesetup disable will turn off FileVault if its not being forced by a configuration profile.

It still asks for a specific username. I was hoping for a way that can remove it completely, for all users, but not sure that this exists