It is really very easy to enable file vault on profile manager so your all connected devices will get these policies and enable fie vault by default.
I am going to explain each and every step to enable file vault by profile manager and its deployment process on enrolled devices.
1. Set Master Password
I am going to explain each and every step to enable file vault by profile manager and its deployment process on enrolled devices.
1. Set Master Password
- Open System Preferences -> Users and groups
- If it is locked, then unlock it.
- Click on services (Gear) button -> Select "Set master password".
- Set the password whatever you want but keep something known in its hint so you can recall the password if something goes bad.
This process will create below mentioned files.
/Library/Keychains/FileVaultMaster.cer
/Library/Keychains/FileVaultMaster.keychain
/Library/Keychains/FileVaultMaster.cer
/Library/Keychains/FileVaultMaster.keychain
2. Unlock filevault keychain
Launch Terminal and run below mentioned command.
Sudo security unlock-keychain /library/keychains/filevaultmaster.keychain
3. Load filevault keychain
- Once keychain is unlock.
- Go to /Library/Keychains/
- You will find "FileVaultMaster.keychain". Double click on it.
- Now you will see "FilevaultMaster" in right side of Keychain Access.
- In Keychain Access, under FilevaultMaster you will find filevault certificate and its key.
- Double click on the certificate.
- Click the carrot next to trust and select when using this certificate drop down and choose Always Trust.
5. Export file vault certificate trusted.
6. Configure Filevault on profile manager.
- After make it trusted certificate.
- Go to login Keychain > Certificates.
- Select File Vault certificate > Right click on it > Export > Save it in .cer extension.
6. Configure Filevault on profile manager.
- Load server.app and open profile manager.
- Navigate to Device or Device groups -> Go to settings -> Click Edit.
- Click on "Certificates" under OS X and iOS then import file vault certificate which we exported in Step 5.
- Now, Click on "Security & Privacy" under OS X and iOS > Click on File Vault > Check "Require File Vault". Select "Use an Institutional recovery key" and select "FileVault Recovery Key" under certificates.
- Click Save and you are done. Lets get it pushed it on your device (Macbook or macmini).
7. Enable it on your system.
After get all settings on your system, you just need to reboot it. And it will ask to enable File Vault with your password.
Thank you very much!
ReplyDeleteWas a great help for me
Thank you so much.
ReplyDeleteIts really helpful to understand the Scenario of FileVault.
Thank you
ReplyDeleteTHANK YOU!!!
ReplyDeleteI was getting the message: "there was a problem enabling filevault on your computer", I think thats its because the certifcate was missing... Worked!
I am happy that you liked it and it solved your problem.
ReplyDelete