Deploy secondary admin account with FileVault

New Contributor


Does anyone know if its possible to deploy a secondary admin account that has FileVault enabled through a script? It looks like it was retired in Jamf with macOS 10.3. The only way I see right now is to enable the account from the primary admin account that has FileVault enabled.

Any suggestions on a work around is appreciated. 


Thanks in Advance!


Contributor II

As long as you credentials for the accounts, it should be possible. I would start with Rich's write up 

Thanks! I'll take a look


If you know the login/password for the first admin account with FileVault Token, then you should be able to remotely send a dscl command with that to create another one.

If you are on Monterey, then you can create another admin account remotely, but only AFTER logging in on the mac itself (so not via SSH or remote commands) then it should get the FileVault Token automatically.

Im trying to do zero touch deployment so the end user would be the first admin account to be filevault enabled and I wouldn't have their password. Trying to see if I can have a secondary admin account enabled via self-service that prompts them for their password to add the secondary account

I think this might help:

However if the first user already is admin, then he/she could just easily manually create a new (admin) account via Users & Groups. That account then will automatically have the FileVault Token.


<remove me>