Skip to content

FileVault enable your organizational admin account...even on macOS 10.13!

License

Notifications You must be signed in to change notification settings

dwshore-personal/FileVaultEnableAdminAccount

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 

Repository files navigation

FileVault Enable your OrgAdmin Account

FileVault enable your organizational admin account...even on macOS 10.13!

This script was designed to be part of a policy within Jamf Pro to FileVault enable your local admin account on your macOS devices. This script is compatible with SecureToken on macOS 10.13 as well. If the script runs and doesn't find the admin account, it will create it and then FileVault enable it.

Requirements:

  • Jamf Pro
  • macOS Clients on 10.9 or later
  • LOGO File present on macOS device.
  • Look over the VARIABLES and configure.

Why is this needed?

Starting with macOS High Sierra, Apple has introduced SecureToken along with the APFS filesystem. Currently when accounts (including the management account) are created with Jamf Pro via a Policy, QuickAdd or DEP (Management Account) these accounts do NOT get a SecureToken. This script will prompt the currently logged in user if they are FileVault Enabled for their macOS password, which is used to FileVault enable the orgAdmin account.

This script has been tested on OS X 10.11.6, 10.12.6 and macOS 10.13.3

Configuring the Script

When you open the script you will find a variables section that will need to be configured. Here you can specify the message that is displayed to the end user while the script is running, your custom logo file, and the orgAdmin credentials (using Encrypted Strings) that you want to FileVault Enable.

For setting up Encrypted Strings, please ensure the USER and PASS both use the same SALT and PASSPHRASE.

https://github.com/brysontyrrell/EncryptedStrings.

These variable should also be using Jamf Pro Parameters and the labels should be specified after upload to Jamf Pro under Settings > Computer Management > Script > {thisScript} > Options

  • PARAMETER 4: ADMIN_USER_ENCRYPTED
  • PARAMETER 5: ADMIN_PASS_ENCRYPTED
  • PARAMETER 6: SALT
  • PARAMETER 7: PASSPHRASE

https://www.jamf.com/jamf-nation/articles/146

Example of Script Parameter Labels

Example of Script Parameter Labels

Example of Script Parameter in Policy

Example of Script Parameter in Policy

Video Guide to Setting up Encrypted Strings

Click to watch on YouTube

Click the video to start playing on YouTube

About

FileVault enable your organizational admin account...even on macOS 10.13!

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%