Requirements

To enable the management account for FileVault, the computer must have OS X v10.11 and have an existing, valid individual recovery key that matches the key stored in the JSS.

To disable the management account for FileVault, the computer must have OS X v10.11.

Enabling or Disabling the Management Account for FileVault

1. Log in to the JSS with a web browser.

2. Click Computers at the top of the page.

3. Click Policies.
   On a smartphone, this option is in the pop-up menu.

4. Click New .

5. In the General payload, enter a display name for the policy. For example, “Enable Management Account for FileVault“.

   

6. Select a trigger and execution frequency.

7. Select the Management Account payload and click Configure.

8. Choose “Enable User for FileVault 2” or “Disable User for FileVault 2” from the Action pop-up menu.

   

9. (Optional) Select the Maintenance payload and then select the Update Inventory checkbox so that the FileVault Enabled status for the management account is updated in inventory immediately when the policy runs.

10. Click the Scope tab and configure the scope of the policy.
    Note: If applicable, you can use the smart computer group you created in “Creating a Smart Group of Computers that are FileVault Encrypted” as the scope for the policy.

    

11. Click Save.

The policy runs on computers in the scope the next time they check in with the JSS and meet the criteria in the General payload.