Managing Disk Encryption Configurations

Creating a disk encryption configuration in the Jamf Software Server (JSS) is the first step to activating FileVault 2 on computers with macOS 10.8 or later.

When you create a disk encryption configuration, you specify the following information:

  • The type of recovery key to use for recovering encrypted data. There are three recovery key options you can choose from:

    • Individual (also known as “Personal”)—Uses a unique alphanumeric recovery key for each computer. The individual recovery key is generated on the computer and sent back to the JSS for storage when the encryption takes place.

    • Institutional—Uses a shared recovery key. This requires you to create the recovery key with Keychain Access and upload it to the JSS for storage.

    • Individual and Institutional—Uses both types of recovery keys.

  • The user for which to enable FileVault 2

    • Management Account—Makes the management account on the computer the enabled FileVault 2 user.
      Note: If you make the management account the enabled FileVault 2 user on computers with macOS 10.9 or later, you will be able to issue a new recovery key to those computers later if necessary. (For more information, see Issuing a New FileVault 2 Recovery Key.)

    • Current or Next User—Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault 2 user. If no user is logged in, the next user to log in becomes the enabled FileVault 2 user.


To use either the “Institutional” recovery key or the “Individual and Institutional” recovery key options in the disk encryption configuration, you must first create and export a recovery key using Keychain Access. (For more information, see the Creating and Exporting an Institutional Recovery Key Knowledge Base article.)

Creating a Disk Encryption Configuration

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15181921/Settings_icon.png .

  3. Click Computer Management.

  4. In the “Computer Management” section, click Disk Encryption Configurations images/download/thumbnails/15181921/Disk_Encryption_Configurations.png .

  5. Click New images/download/thumbnails/15181921/New_icon.png .

  6. Configure the disk encryption configuration using the fields and options on the pane.

  7. Click Save.

Related Information

For related information, see the following sections in this guide:

Deploying Disk Encryption Configurations
Find out how to activate FileVault 2 by deploying a disk encryption configuration using a policy or Casper Remote.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.