DirectoryService

New in Leopard is the ability to protect an account with FileVault as it is being created. When creating a mobile account, you can check the box to use FileVault, and this setting is easy to enforce with Workgroup Manager’s preference management as part of the Mobility settings.

If you use the Accounts preference pane to create a local account, you’ll see a new checkbox labeled “Turn on FileVault protection”, but it’s unchecked by default. What if your organization wants to ensure that all accounts — even purely local accounts — on laptops are protected with FileVault? With Workgroup Manager’s preference management, there does not seem to be a way to manage this setting in the Accounts preference pane. But you can manage it if you dig a little deeper…
Continue reading “Enforcing FileVault on local accounts” →

WGM icon

Newer posts on the same subject:

MCX, dslocal and radmind

MCX, dslocal, and the Guest account

MCX in non-default local nodes

Local MCX update

Yet again with the Local MCX

Recently on the MacEnterprise mailing list, several of us were discussing putting MCX records into the local directory service. This is an appealing idea to me, because we don’t use Open Directory, and I’ve never wanted to spend the political capital to get our LDAP schema extended to support MCX, especially since I didn’t really know if ManagedClient/MCX would actually do what we wanted.

MCX in the local directory service seemed to me a way to experiment without having to convince our LDAP admins to make schema changes.
Continue reading “MCX, dslocal, and Leopard” →

Managing OS X

Trials and Tribulations of an OS X Administrator

Enforcing FileVault on local accounts

MCX, dslocal, and Leopard