Clik here to view.
Slides from the “Managing FileVault 2 on macOS High Sierra” Session at MacAD...
For those who wanted a copy of my FileVault 2 management talk at MacAD UK 2018, here are links to the slides in PDF and Keynote format. PDF – http://tinyurl.com/MacADUK2018pdf Keynote –...
View ArticleClik here to view.
Cancelling an unwanted FileVault deferred enablement
There are sometimes occasions when FileVault deferred encryption has been enabled for a particular Mac and then needs to be turned off. Since FileVault is not yet turned on at this point, there is no...
View ArticleSession videos available from MacAD UK Conference 2018
A number of session videos (including mine) have been posted from MacAD UK 2018. For those interested, the videos are available on YouTube via the link below:...
View ArticleDetecting if a logged-in user on a FileVault-encrypted Mac has a Secure Token...
A challenge many Mac admins have been dealing with is the introduction of the Secure Token attribute, which is now required to be added to a user account before that account can be enabled for...
View ArticleClik here to view.
T2, FileVault and brute force attack protection
Apple recently released an overview document for its new T2 chip, which includes how the new T2 chip-equipped Macs have new protections against brute force attacks. This protection only applies if...
View ArticleClik here to view.
Unlock or decrypt your FileVault-encrypted boot drive from the command line...
As part of working with FileVault on macOS Mojave, it may be necessary to decrypt an encrypted boot drive in order to fix a problem. On Mojave all boot volumes will use Apple File System (APFS), so to...
View ArticleClik here to view.
Unlock your FileVault-encrypted boot drive using Disk Utility on macOS Mojave
In the event that you need to unlock an unbootable FileVault-encrypted boot drive on macOS Mojave, it’s possible to do so using Disk Utility and the password to a FileVault-enabled account on the...
View ArticleClik here to view.
Unable to enable FileVault on macOS Mojave
As part of FileVault on Apple File System, Apple introduced a new account attribute called Secure Token. Secure Token can present some interesting complications for Mac admins and among them is this...
View ArticleClik here to view.
Re-syncing local account passwords and Secure Token on FileVault-encrypted...
As part of FileVault on Apple File System, Apple introduced a new account attribute called Secure Token. As mentioned in a previous post, Secure Token can present some interesting problems for Mac...
View ArticleClik here to view.
Mouse doesn’t move at FileVault login screen in VMware Fusion macOS Mojave VMs
As part of working with FileVault on macOS Mojave, I’ve been using VMs running in VMware Fusion 11.x for testing. As part of that, I’ve seen a problem where the mouse doesn’t move when the VM has...
View ArticleClik here to view.
Managing macOS Mojave’s FileVault 2 with fdesetup
Since its initial release in OS X Mountain Lion 10.8.x, Apple’s main tool for managing FileVault 2 encryption has been fdesetup. With the transition from managing Core Storage-based encryption on HFS+...
View ArticleClik here to view.
Managing macOS Catalina’s FileVault 2 with fdesetup
Since its initial release in OS X Mountain Lion 10.8.x, Apple’s main tool for managing FileVault 2 encryption has been fdesetup. With the transition from managing Core Storage-based encryption on HFS+...
View ArticleClik here to view.
Erasing a FileVault-encrypted T2-equipped Mac
Normally, reinstalling macOS on a Mac is a straightforward process: 1. Boot to macOS Recovery2. Select Reinstall macOS from macOS Utilities. 3. Follow the onscreen instructions. However, if you have a...
View ArticleClik here to view.
FileVault login screen differences between Intel and Apple Silicon Macs
As new Apple Silicon Macs (ASM) have begun making their way to organizations which use FileVault encryption to secure their fleets, a difference between Intel Macs and ASMs has become apparent. Intel...
View ArticleClik here to view.
Use of FileVault Institutional Recovery Keys no longer recommended by Apple
When legacy FileVault was first introduced as part of Mac OS X 10.3 Panther in 2005, it supported a recovery key method which used a special keychain named FileVaultMaster.keychain which by default had...
View ArticleClik here to view.
Using the Jamf Pro API to retrieve FileVault personal recovery keys
As part of Jamf Pro 10.43’s release, Jamf has added the ability to access and retrieve FileVault personal recovery keys via the Jamf Pro API: Return FileVault information for a specific computer:...
View ArticleClik here to view.
Accessing the recovery key password reset option at the login window on macOS...
If the following situation occurs: You forgot the password to the local account you use to log into your Mac. You have FileVault enabled. You have the FileVault recovery key available. You can use the...
View Article