11/5/2023

Jamf filevault

It would seem that my only options are to leave encryption off to enable network users or create a shared FV enabled account that every student logs into. You can also store the user's personal recovery key at a specified file path. We kept running into the 'FileVault is off, deferred enablement appears to be enabled for active user: username' message in JAMF when looking at the logs for our FileVault2 policy. We then assigned the Mac to our FV2 encryption policy. Contact Jamf to get started securing your company’s data today. You can use Jamf Connect to enable FileVault encryption on Mac computers for administrator and standard local accounts. The user account migration happened after enrolling the new machine in JAMF and binding it to AD. Carts are constantly unplugged, the laptops die, people shut them down or reboot them. Deploying and fully managing FileVault 2 to your Mac devices is as simple as 1-2-3. Literally, it takes Jamf Pro just three steps to roll out full-disk encryption to your entire fleet. Once I log in/log out of a FV account, network users are able to log in, but in a cart setting, that is hardly reasonable and not at all feasible to have a user log in before everyone else. It would appear my 802.1X/SCEP profile is ignored and I have no network access either (although WPA2 joined networks seem to work?). With FileVault enabled, after a reboot, the only user(s) who are able to log in are the FileVault enabled users. Are there any other workflows that allow me to be more hands-off? Enroll into JAMF Pro and use a policy/script to escrow key to JAMF Pro cloud. I know that I could go on the host computer. They show FV2 is enabled/encrypted in Jamf Pro but they have an unknown recovery key. How can I migrate those recovery keys to Jamf Pro using profiles/policy script?
The issue I'm coming across is that with a transition from Jamf Connect to Jamf Pro (that took place without me), half of the Mac fleet already had FileVault 2 enabled in Jamf Connect. The output from my JSS reads the following: external image link. My issue is on shared laptop machines (school setting, laptops are in carts): I don't see a way of enabling FileVault while allowing network users to consistently log in without making every potential network user a mobile account and enabling them as a FileVault user, which is ridiculous and defeats the purpose of hardware security. If everyone can decrypt the drive, then encryption is worthless. I had this run on a trigger and executed it on my test box. Now with our new M1 Macs, it seems that my only option for any kind of hardware security is FileVault. Until the introduction of Silicon Macs, I've been using a firmware password to provide some protection on machines that go walking for one reason or another. I'm looking for clarity around FileVault and network accounts (not AD!), mostly on Big Sur and M1 models.