Enabling or Disabling a Local Account for FileVault

When you create a new account, you can enable the account for FileVault. You can also disable an existing account for FileVault.

Requirements

To enable a new account for FileVault, the computer must have the following:

  • macOS 10.13

  • An existing valid personal (also known as "individual") recovery key that matches the key stored in Jamf Pro.

To disable an existing account for FileVault, the computer must have macOS 10.13.

Important: Local accounts cannot be enabled or disabled for FileVault on computers with macOS 10.13.2 or later.

Enabling a New Local Account for FileVault

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Policies.

  4. Click New.

  5. In the General payload, enter a display name for the policy. For example, “Add Local Account for FileVault”.

  6. Select a trigger and execution frequency.

  7. Select the Local Accounts payload and click Configure.

  8. Select Create New Account.

  9. Specify the required information for the local account, including the username, full name, password, and home directory location.

  10. Select the Enable user for FileVault 2 checkbox.

  11. (Optional) Select the Maintenance payload and then select the Update Inventory checkbox so that the FileVault-enabled status for the user is updated in inventory immediately when the policy runs.

  12. Click the Scope tab and configure the scope of the policy. For more information, see Scope in the Jamf Pro Administrator's Guide.

    Note: If applicable, you can use the smart computer group you created in “Creating a Smart Group of Computers that are FileVault Encrypted” as the scope for the policy.

  13. Click Save.

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.

Disabling an Existing Local Account for FileVault

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Policies.

  4. Click New.

  5. In the General payload, enter a display name for the policy. For example, “Disable Local Account for FileVault”.

  6. Select a trigger and execution frequency.

  7. Select the Local Accounts payload and click Configure.

  8. Select Disable User for FileVault 2.

  9. Enter the username of the user you want to disable for FileVault.

  10. (Optional) Select the Maintenance payload and then select the Update Inventory checkbox so that the FileVault-enabled status for the local account is updated in inventory immediately when the policy runs.

  11. Click the Scope tab and configure the scope of the policy. For more information, see Scope in the Jamf Pro Administrator's Guide.

    Note: If applicable, you can use the smart computer group you created in “Creating a Smart Group of Computers for Which a Specified User is Enabled for FileVault” as the scope for the policy.

  12. Click Save.

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
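
To confirm on a client that either policy had the intended effect, the following added example (not Jamf code) checks the macOS version against the requirements above and looks for the account in the output of fdesetup list. It assumes that "macOS 10.13" means 10.13.0 or 10.13.1, given the 10.13.2 restriction, and that fdesetup list prints one "username,UUID" line per enabled user; the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example, not Jamf code. Function names are hypothetical.

# Constructed sample of `fdesetup list` output (one "username,UUID" per line).
FV_SAMPLE_LIST='alice,00000000-0000-0000-0000-000000000001
bob,00000000-0000-0000-0000-000000000002'

# Succeeds only for versions this page allows: macOS 10.13 before 10.13.2.
# Assumption: "macOS 10.13" in the requirements means 10.13.0 or 10.13.1.
fv_policy_supported() {
    case "$1" in
        10.13|10.13.0|10.13.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if user $1 appears in the `fdesetup list` text $2 (exact match).
fv_user_enabled() {
    printf '%s\n' "$2" | awk -F, -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# fv_check VERSION USER EXPECTED LIST, where EXPECTED is "enabled" or "disabled".
# Prints ok, mismatch or unsupported; returns 0, 1 or 2 respectively.
fv_check() {
    if ! fv_policy_supported "$1"; then
        echo unsupported
        return 2
    fi
    if fv_user_enabled "$2" "$4"; then actual=enabled; else actual=disabled; fi
    if [ "$actual" = "$3" ]; then
        echo ok
    else
        echo mismatch
        return 1
    fi
}

# Live use on a Mac, as root: sh fv_check.sh USER enabled|disabled
if [ "$#" -eq 2 ] && command -v fdesetup >/dev/null 2>&1; then
    fv_check "$(sw_vers -productVersion)" "$1" "$2" "$(fdesetup list)"
fi
```

A result of "unsupported" means the computer is outside the versions listed under Requirements, so the Local Accounts payload cannot change FileVault enablement on it.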

© copyright 2002-2021 Jamf. All rights reserved.