{"id":10630,"date":"2015-01-31T20:05:22","date_gmt":"2015-02-01T01:05:22","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=10630"},"modified":"2015-02-02T12:15:55","modified_gmt":"2015-02-02T17:15:55","slug":"filevault-2-deferred-enablement-in-yosemite","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/01\/31\/filevault-2-deferred-enablement-in-yosemite\/","title":{"rendered":"FileVault 2 Deferred Enablement in Yosemite"},"content":{"rendered":"<p><a href=\"https:\/\/derflounder.wordpress.com\/2015\/01\/31\/filevault-2-deferred-enablement-in-yosemite\/\">Rich Trouton<\/a>:<\/p>\n<blockquote cite=\"https:\/\/derflounder.wordpress.com\/2015\/01\/31\/filevault-2-deferred-enablement-in-yosemite\/\">\n<p>Apple recognized that there would be situations where Mac admins would need to set up FileVault 2 for a person where the admin would not have the password for that person&rsquo;s user account. To avoid the immediate need to enter a password, <a href=\"https:\/\/developer.apple.com\/library\/Mac\/documentation\/Darwin\/Reference\/ManPages\/man8\/fdesetup.8.html\">fdesetup<\/a> has a <code>-defer<\/code> flag in Mountain Lion, Mavericks and Yosemite that can be used with <tt>fdesetup<\/tt>&rsquo;s <code>enable<\/code> verb to delay enabling FileVault 2 until after the current (or next) user logs out. With the <tt>-defer<\/tt> flag, the user will be prompted for their password at their next logout or restart. The recovery key information is not generated until the user password is obtained, so the <code>-defer<\/code> option requires a file location where this information will be written to as a plist file.<\/p>\n<p>[&#8230;]<\/p>\n<p>In Yosemite, Apple added new options for <tt>fdesetup<\/tt>&rsquo;s <code>-defer<\/code> flag. 
These new options now allow Mac admins to set a deferred enablement with the following options:<\/p>\n<ol>\n<li>Enforce FileVault 2 enablement at logout<\/li>\n<li>Enforce FileVault 2 enablement at login<\/li>\n<li>Enforce FileVault 2 enablement at both login and logout<\/li>\n<\/ol>\n<\/blockquote>\n<p>Update (2015-02-02): <a href=\"https:\/\/derflounder.wordpress.com\/2015\/02\/02\/managing-yosemites-filevault-2-with-fdesetup\/\">Rich Trouton<\/a>:<\/p>\n<blockquote cite=\"https:\/\/derflounder.wordpress.com\/2015\/02\/02\/managing-yosemites-filevault-2-with-fdesetup\/\"><p><tt>fdesetup<\/tt> in Yosemite has the <code>authrestart<\/code> verb, which allows a FileVault 2-encrypted Mac to restart, bypass the FileVault 2 pre-boot login screen, and go straight to the OS login window.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Rich Trouton: Apple recognized that there would be situations where Mac admins would need to set up FileVault 2 for a person where the admin would not have the password for that person&rsquo;s user account. 
To avoid the immediate need to enter a password, fdesetup has a -defer flag in Mountain Lion, Mavericks and Yosemite [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[706,30,903,48],"class_list":["post-10630","post","type-post","status-publish","format-standard","hentry","category-technology","tag-filevault","tag-mac","tag-mac-os-x-10-10-yosemite","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/10630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=10630"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/10630\/revisions"}],"predecessor-version":[{"id":10667,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/10630\/revisions\/10667"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=10630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai
.com\/blog\/wp-json\/wp\/v2\/categories?post=10630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=10630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}