![]() ![]() ![]() In this case, FileVault 2 encryption set up is not forced. path/to/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup -FVSDoNotAskForSetup NO -FVSForceSetup NO -FVSUseKeychain YES -FVSCreateRecoveryKey YES Running FileVault Setup without any command line switches or other management will mean it will run with the following configuration: The settings are stored in the following domain: ca. FileVault Setup accepts four defaults:įVSDoNotAskForSetup: suppresses prompting the user to enable FileVault 2 encryption, default is NO / FALSEįVSForceSetup: enforces the setup and arrests login until the user accepts, default is NO / FALSEįVSUseKeychain: Sets the FileVault 2 encryption to use /Library/Keychains/FileVaultMaster.keychain as an institutional recovery key, default is YES / TRUEįVSCreateRecoveryKey: Sets the FileVault 2 encryption to generate and use an alphanumeric individual recovery key, default is YES / TRUE The default is YESįileVault Setup can also be managed by MCX or by the defaults command. FVSCreateRecoveryKey YES / NO – Sets the FileVault 2 encryption to generate and use an alphanumeric individual recovery key. FVSUseKeychain YES / NO – Sets the FileVault 2 encryption to use /Library/Keychains/FileVaultMaster.keychain as an institutional recovery key. FVSForceSetup YES / NO – enforces the setup and arrests login until the user accepts. FVSDoNotAskForSetup YES / NO – suppresses prompting the user to enable FileVault 2 encryption. The application has four command line switches that can be used to tell it how to run: Run time of the pre-edited video was 9 minutes. Note: The video has been edited to artificially reduce the amount of time it took to encrypt. Since this is a process that’s more easily shown than explained, I’ve made a video showing the process from the user’s perspective. Running this application with root privileges is important because fdesetup requires root privileges to run. This allows it to be launched when a user logs in, but also runs the application with root privileges. The application was designed to be run by a Mac OS X loginhook. If you want to hide the application from your users, I’d recommend putting it into a location like /var/root. For the purposes of my testing, I put it into /Applications. This application can be installed anywhere on the Mac, though the GitHub project page recommends either /Applications or /Applications/Utilities. There’s also a already-built application available for download from the GitHub repo. You can build the latest version of the application using the Xcode project files available from the GitHub repository. To the best of my knowledge, this is the first tool I’ve seen that allows FileVault encryption to be enforced on a machine entirely from the machine’s own resources. One nice thing about this tool from my perspective is that it’s designed to be independent of any server-based resources. ![]() It’s designed to be a user-friendly interface for Apple’s fdesetup tool on OS X 10.8.x which supports turning on FileVault 2 encryption and enabling a single user account. I was recently asked to help test a new utility called FileVault Setup for setting up and enforcing FileVault 2 encryption. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |