Add additional FileVault user to encrypted computer (APFS only)

Versioning - This is the latest version.

1 | Add additional FileVault user to encrypted computer (APFS only) | 1/3/2018 1:42:58 PM
2 | Add additional FileVault user to encrypted computer (APFS only) | 1/4/2018 7:30:20 AM

Description


Important Notes

  • You must enter a password in order to take an action.
  • Because of the way secure parameters work, you cannot use this task in a baseline, target an action dynamically by property (e.g., automatic groups), or add additional actions.

Property Details

ID: 24878
Status: Production - Fully Tested and Ready for Production
Title: Add additional FileVault user to encrypted computer (APFS only)
Domain: BESC
Source Release Date: 1/4/2018 7:30:20 AM
Keywords: macos, mac, encryption, filevault, apfs
Added by on 1/4/2018 7:30:20 AM
Last Modified by on 1/4/2018 7:30:20 AM

Relevance

Used in 206 fixlets and 97 analyses   * Results in a true/false
mac of operating system
Used in 1 fixlet   * Results in a true/false
version of operating system >= "10.13.0"
Used in 2 fixlets   * Results in a true/false
((it as string as lowercase contains "true")) of booleans of values of entries whose (("CoreStorage Encrypted" = key of it) OR ("Encrypted" = key of it)) of dictionaries whose (exists substring "False" of (booleans of values of entries whose ("Removable" = key of it) of it as string)) of (it; nodes of it; nodes of nodes of it; nodes of nodes of nodes of it; nodes of nodes of nodes of nodes of it; nodes of nodes of nodes of nodes of nodes of it) of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of nodes of service plane of iokit registry
Used in 1 fixlet   * Results in a true/false
exists substring "Solid" of (strings of values of entries whose (key of it = "Medium Type") of dictionaries of values of entries whose (key of it = "Device Characteristics") of dictionaries of nodes "IOAHCIBlockStorageDevice" of nodes of nodes of it; strings of values of entries whose (key of it = "Medium Type") of dictionaries of values of entries whose (key of it = "Device Characteristics") of dictionaries of it) of (if (name of it = "SATA") then (nodes of nodes of it) else (nodes of nodes of nodes of nodes of it)) of nodes whose ((name of it = "SATA") OR (name of it starts with "RP")) of node "AppleACPIPCI" of node "PCI0" of node "AppleACPIPlatformExpert" of service plane of iokit registry

Actions

Action 1 (default)

Action Link: Add FileVault 2 user
Script Type: BigFix Action Script
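// Prompt for the existing FileVault 2 user and for the user to add.
// The two passwords are read from the secure parameters "secret" and "secret2".
action parameter query "username" with description "Please specify the name of an existing FileVault2 account"
action parameter query "username2" with description "Please specify the name of the user you'd like to add to the list of FileVault users"

folder create "/.filevault"

// Clear any leftovers from a previous run.
delete __createfile
delete /tmp/fdesetup.plist

// Build the input plist for fdesetup. It holds both passwords in clear text
// and is deleted at the end of the action.
createfile until EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>{parameter "username"}</string>
    <key>Password</key>
    <string>{parameter "secret" of action}</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key>
            <string>{parameter "username2"}</string>
            <key>Password</key>
            <string>{parameter "secret2" of action}</string>
        </dict>
    </array>
</dict>
</plist>
EOF

move __createfile /tmp/fdesetup.plist

// Add the new user, authenticating as the existing FileVault user.
wait /bin/sh -c "fdesetup add -inputplist < /tmp/fdesetup.plist"

// Record the resulting list of FileVault users.
wait /bin/sh -c "fdesetup list > /.filevault/users.txt"

// Remove the plist that contains the passwords.
delete /tmp/fdesetup.plist

Success Criteria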

This action will be considered successful when all lines of the action script have completed successfully.

