Managing Disk Encryption Configurations

Creating a disk encryption configuration in the JAMF Software Server (JSS) is the first step to activating FileVault 2 on computers with OS X v10.8–v10.11.

When you create a disk encryption configuration, you specify the following information:

  • The type of recovery key to use for recovering encrypted data. There are three recovery key options you can choose from:

    • Individual (also known as “Personal”)—Uses a unique alphanumeric recovery key for each computer. The individual recovery key is generated on the computer and sent back to the JSS for storage when the encryption takes place.

    • Institutional—Uses a shared recovery key. This requires you to create the recovery key with Keychain Access and upload it to the JSS for storage.

    • Individual and Institutional—Uses both types of recovery keys.

  • The user for which to enable FileVault 2:

    • Management Account—Makes the management account on the computer the enabled FileVault 2 user.
      Note: If you make the management account the enabled FileVault 2 user on computers with OS X v10.9–v10.11, you will be able to issue a new recovery key to those computers later if necessary. (For more information, see Issuing a New FileVault 2 Recovery Key.)

    • Current or Next User—Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault 2 user. If no user is logged in, the next user to log in becomes the enabled FileVault 2 user.

Requirements

To use either the “Institutional” recovery key or the “Individual and Institutional” recovery key options in the disk encryption configuration, you must first create and export a recovery key using Keychain Access. (For more information, see the Creating and Exporting an Institutional Recovery Key Knowledge Base article.)

Creating a Disk Encryption Configuration

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click Computer Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. In the “Computer Management” section, click Disk Encryption Configurations.

  5. Click New.

  6. Configure the disk encryption configuration using the fields and options on the pane.

  7. Click Save.

Cloning, Editing, or Deleting a Disk Encryption Configuration

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click Computer Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. In the “Computer Management” section, click Disk Encryption Configurations.

  5. Click the disk encryption configuration you want to clone, edit, or delete.

  6. Do one of the following:

    • To clone the configuration, click Clone and make changes as needed. Then click Save.

    • To edit the configuration, click Edit and make changes as needed. Then click Save.

    • To delete the configuration, click Delete, and then click Delete again to confirm.

Related Information

For related information, see the following sections in this guide:

Deploying Disk Encryption Configurations
Find out how to activate FileVault 2 by deploying a disk encryption configuration using a policy or Casper Remote.

Copyright JAMF Software, LLC 2016