Comments on: Enforcing FileVault on local accounts http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/ Trials and Tribulations of an OS X Administrator Tue, 10 Nov 2009 16:57:49 +0000 http://wordpress.com/ hourly 1 By: MrWinter http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9870 MrWinter Tue, 18 Aug 2009 20:08:56 +0000 http://managingosx.wordpress.com/?p=100#comment-9870 Agreed, MCX is the way to go . I never managed to get home directories I'd made with my dscl script to work quite properly so gave up. Greg, I'd be interested in seeing your check script if you were willing to share... :) Agreed, MCX is the way to go .
I never managed to get home directories I’d made with my dscl script to work quite properly so gave up.

Greg, I’d be interested in seeing your check script if you were willing to share… :)

]]> By: GregN http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9869 GregN Tue, 18 Aug 2009 16:34:48 +0000 http://managingosx.wordpress.com/?p=100#comment-9869 No. You can't automatically turn on FileVault for existing accounts. Even if the tools supported this, you'd need the user's password. It would be nice to be able to set something that said "on the next login (or logout) turn on FIleVault for [this user|all users]", but nothing like this exists. What I've done is write a script that looks at all the local accounts and emails me when there's one that doesn't have FileVault turned on. But since I started using MCX to enforce FileVault for all new local and mobile accounts, this has become quite rare. No. You can’t automatically turn on FileVault for existing accounts. Even if the tools supported this, you’d need the user’s password. It would be nice to be able to set something that said “on the next login (or logout) turn on FIleVault for [this user|all users]“, but nothing like this exists.

What I’ve done is write a script that looks at all the local accounts and emails me when there’s one that doesn’t have FileVault turned on. But since I started using MCX to enforce FileVault for all new local and mobile accounts, this has become quite rare.

]]> By: Jeff http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9868 Jeff Tue, 18 Aug 2009 16:26:51 +0000 http://managingosx.wordpress.com/?p=100#comment-9868 Anyway to turn on the filevault for everyone from the dscl? And is it possible to activate filevault for existing users from the command line too? Thanks Anyway to turn on the filevault for everyone from the dscl? And is it possible to activate filevault for existing users from the command line too? Thanks

]]> By: MrWinter http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9796 MrWinter Fri, 06 Mar 2009 04:34:07 +0000 http://managingosx.wordpress.com/?p=100#comment-9796 Excellent! I'll give it a try and let you know how I get on. Many thanks... Excellent! I’ll give it a try and let you know how I get on.
Many thanks…

]]> By: GregN http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9795 GregN Fri, 06 Mar 2009 04:13:49 +0000 http://managingosx.wordpress.com/?p=100#comment-9795 MrWinter: I'm sure it could be done. You'd have to use hdiutil (man hdiutil) to create an encrypted sparsebundle diskimage, which you'd then put in /Users/username (creating that directory if needed), then create the account using dscl. The last trick is creating the HomeDirectory attribute, which will look something like: <code>dscl . -create /Users/user HomeDirectory 'file://localhost/Users/user/user.sparsebundle'</code> MrWinter:

I’m sure it could be done. You’d have to use hdiutil (man hdiutil) to create an encrypted sparsebundle diskimage, which you’d then put in /Users/username (creating that directory if needed), then create the account using dscl. The last trick is creating the HomeDirectory attribute, which will look something like:

dscl . -create /Users/user HomeDirectory 'file://localhost/Users/user/user.sparsebundle'

]]> By: MrWinter http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9794 MrWinter Thu, 05 Mar 2009 21:19:48 +0000 http://managingosx.wordpress.com/?p=100#comment-9794 Hey Greg, as you're a knowledgeable chap... do you know if there is any way to turn on Filevault protection on an account when creating it at the command line using the dscl commands floating about the net at the moment? I'm writing a script to add a new user account which queries our ldap db for the users correct UID and GID and uses those but I can't figure out how to create a filevaulted account at the same time. Is it possible? Many thanks, MrW. Hey Greg,
as you’re a knowledgeable chap… do you know if there is any way to turn on Filevault protection on an account when creating it at the command line using the dscl commands floating about the net at the moment?
I’m writing a script to add a new user account which queries our ldap db for the users correct UID and GID and uses those but I can’t figure out how to create a filevaulted account at the same time.
Is it possible?

Many thanks,

MrW.

]]> By: Enforcing FileVault on local accounts http://managingosx.wordpress.com/2008/02/08/enforcing-filevault-on-local-accounts/#comment-9508 Enforcing FileVault on local accounts Sat, 09 Feb 2008 02:32:17 +0000 http://managingosx.wordpress.com/?p=100#comment-9508 [...] Enforcing FileVault on local accounts: “ [...] [...] Enforcing FileVault on local accounts: “ [...]

]]>