Posted on 01-19-2023 03:57 PM
I haven't been able to find more recent documentation on this particular situation/issue so figured I'd ask directly.
My predecessors encrypted our AD binded lab devices which created major issues with new network user sign ins. After I got these physically locked down, I put the lab computer group into the exceptions of the FV2 policy. However, I realize of course the policy was already previously pushed to the devices and there is no "undo" button. I need to decrypt for all users and if I can avoid reenrolling the device altogether, that would be great. I don't know if fdesetup has the ability to decrypt for all users without a more complex script I'm not sure how to put together (our senior analyst who managed this left before I came on and honestly, looking at some of his work, I'm not sure he knew how do this management himself lol).
I really appreciate any help that can provided for a fresh college graduate who basically had to become the senior analyst within 6 months haha--I can provide more information if needed and I apologize any lacking knowledge.
Posted on 01-20-2023 11:21 AM
The command sudo fdesetup disable will turn off FileVault if its not being forced by a configuration profile.
Posted on 01-23-2023 01:51 PM
It still asks for a specific username. I was hoping for a way that can remove it completely, for all users, but not sure that this exists