It was terrible. Next time the user logs out or shuts down, they will be asked to put their password in to enable FileVault. An account created by a script, a 3rd party tool like Jamf Connect, ... not only did a scripted local standard account creation lack a SecureToken, it was also not able to enable FileVault! Two Sides to the Secure Token. For those unfamiliar, this built-in encryption feature is designed to encrypt the Mac’s hard drive along with all the stored files. Every time you boot up, it asks for your password. To learn more about FileVault, see the following Apple documentation: macOS Security. When FileVault is turned on, your Mac always requires that you log in with your account password. Then, click on Turn On … I did try to upgrade to 10.11.4, hoping it could fix it, but no luck. In the Patch and compliance tool, click All types > Scan. When you use Jamf Now to set up FileVault, the recovery keys will be stored. FileVault is a built-in encryption mechanism developed by Apple, and it encrypts all files on the Mac’s startup disk. Important: On macOS 10.13.2, you cannot select the management account on a computer as the enabled FileVault user. Click on the padlock to allow changes to be made to the FileVault settings. FileVault is Apple’s way of encrypting data on Mac devices and macOS. Basically, the user logs in, the script runs and detects a non-admin, non-root, and non-_mdsetup user as being logged in, then runs the fdesetup deferred command. Luckily, there is a viable solution to the problem of enabling FileVault for High Sierra users, but first, let’s explore some of the problems macOS users have with FileVault enabled. Terminal will report back with a message telling you whether FileVault is on or off. FileVault is full disk encryption for Mac. The credentials to unlock the drive are stored either in iCloud or in the user account, offering you a passphrase to decrypt/unlock the drive.
Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password: If you lose both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk. I simply copy all the data files out, then re-install the entire OS 10.11.4, and enable FileVault. I fixed twice-login by disabling FileVault.
If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. When MNE is deployed, you need to add Active Directory users to FileVault. The use case for this is remote departures where we want to remove access from the user entirely. Identifying Macs that are using FileVault is fairly easy in person for machines that have a logged-in user account: all you have to do is check System Preferences to see if it has been enabled or not. The feature is easy to set up in the Security system preferences, after which the system should take up to a few hours to encrypt the drive, depending on the size and type of drive being used.