What's the best way to reissue new recovery keys for High Sierra laptops already encypted?

New Contributor

Im in the process of moving over to Jamf Pro from Jamf Now (formally Bushel). All of the laptops are encrypted with Jamf Now and their recovery keys escrowed there, but i want to be able to escrow those keys in Jamf Pro. I have having a particularly hard time escrowing reissued keys with 10.13 + laptops and haven't found any solutions online. What's up with that??

Has Jamf created an actual way to do this or has anyone here had luck reissuing keys for laptops running High Sierra?


Contributor III

@PSgduval I came across a script/workflow that actually works. I'm in the process of getting keys reissued to folks who have a "Not Configured" status on their recovery keys in their computer record. Here is a link to the script I am using:


I've ran this script with success on both 10.12.x machines and 10.13.x. The script may mention that it hasn't been tested on High Sierra, but it worked for me. I like this workflow for it allows me to pop up a branded message notifying customers about entering in the PW. Just remember to make sure you have the JSS Redirection policy in place on these machines or this script too will error. That was a key learning, so should you decide to use this, setup a redirection policy first and foremost, then work on the policy.

Good luck..!