![]() Contact to notify us of completing this process, and we will confirm whether the key was successfully uploaded.Configuration Profile Straightforward, applies universally to targets. You may use more than one, but any given computer should be targeted with just one method. Run the command sudo jamf recon as in Step 2 to submit the new Recovery Key into our management system. There are three main enablement methods you can choose for managing FileVault.Save the resulting new Recovery Key somewhere off the Mac (such as writing it on paper), just in case you need it the next time you update and reboot the Mac.Computers that are in a specific FileVault partition encryption state. Enter the password for the account username you entered in Step 7 above. FileVault smart computer groups can be based on the following criteria: Computers that are eligible to be FileVault encrypted but are not yet encrypted.Enter the username of the account you know the password for from the list provided from Step 5 above.If you make the management account the enabled FileVault user on computers with macOS 10.910.12.x, or macOS 10.14 or later, you will be able to issue a new recovery key. When finished after Step 8 below, this will make a new Recovery Key and display it to allow you to save/reference later. The management account cannot be used to enable FileVault for computers with macOS 10.13 or later if the account was created with Jamf Pro due to the lack of a SecureToken.If there is not an account listed that you know the password for, stop here and contact Run the command sudo fdesetup changerecovery -personal.This will return the list of users on the machine that can unlock the FileVault encryption.(We do not have a way to see what this key is on the machine, which is why we are making a new key that we can then send to the management system with the remaining steps below.).This checks to make sure the Mac has a Personal Recovery Key already assigned.Run the command sudo fdesetup haspersonalrecoverykey.This checks to make sure that FileVault is turned on and the disk is encrypted.24545” (there may be a different number for the tag). !IMPORTANT! If this step fails or does not behave as expected, Stop and alert On success, the last 2 lines produced should read “Submitting data to. Jamf Nation Community Products Jamf Pro Disable (turn off) FileVault Via Policy/Script Disable (turn off) FileVault Via Policy/Script milesleacy Valued. ![]() This will attempt to connect to our management system and update its inventory for that machine.Make sure the Mac is connected to the internet, and open Terminal.See images near the end of this document for expected behavior of these steps (potentially sensitive information in the images have been redacted). If any of the steps have unexpected results, stop and contact for assistance. The first half of this document is to check whether conditions are appropriate for reissuing a new Recovery Key for FileVault encryption.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |