Tag: fdesetup
-
Validate a FileVault recovery key using a .plist file
If you want to validate your FileVault recovery key from the terminal, you can do sudo fdesetup validaterecovery and then be prompted for the recovery key. But what if you want to use a .plist to validate the recovery key instead of getting prompted for the key? This is where it’s a bit counterintuitive, at…
-
Setting up deferred FileVault encryption
In Enabling FileVault Encryption for Client Macs, I mentioned that deferred enablement is one option for mass-deploying encryption to clients, with the major downside that you can enable it for only one user and not multiple users at once. If you do want to go that route, though, this is the command (assuming you’re using…
-
Enabling FileVault Encryption for Client Macs
Difficulties in automating FileVault FileVault encryption is unfortunately one of the things for Mac admins that is extremely difficult to automate. Crypt There’s a project called Crypt that involves a login hook that checks whether encryption is enabled or not and then prompts the user to enable encryption. Once that’s done, the individual recovery key…