
doubledee

Still new to Full-Disk Encryption here, and wanted to know the following...

Is it possible to set up FileVault 2 so that a given user is allowed to "unlock" the encrypted disk and thus use it, BUT prevent the same user from being able to "decrypt" the HDD?


(In another thread located here I was trying to figure out exactly how encryption does and doesn't work, and for now, I have adopted the term "unlock" to denote gaining access to an encrypted HDD, and the terms "encrypt" and "decrypt" to denote the process of taking a HDD that is basically in plain-text and scrambling it up. Since I didn't get any replies on that thread, I'm not sure if I am using these terms correctly?!)


I spent some time last night reading up on my question, and it appears - that via the Control Panel - Mountain Lion only offers a global solution of designating a user to have both "unlock" and "decrypt" power or no access to the FileVault 2 HDD?!

As I tried to explain above, to me encryption entails two phases...

1.) Encrypting the HDD so casual users/passersby cannot read its contents

2.) Locking/Unlocking the HDD to gain access


In my mind, these are really two separate concepts.

(You might allow your child to have access to "unlock" your HDD, but that doesn't necessarily mean that you want to give them the ability to remove FileVault 2 from the HDD?!) :eek:


My new MBP has one Admin account, and one Standard account.

In an ideal world, I would like to set things up so only the Admin can turn FileVault 2 encryption on and off (i.e. encrypt and decrypt).

But both users would obviously need the ability to "lock" and "unlock" the HDD so they can use it independently.

Is that possible?

Hope my question makes sense?!

Sincerely,


Debbie
 
Go to the advanced tab in this pref pane and check the box to require an admin PW to access locked pref panes.

[Image: WF1m1s7.png]


Now go to the FileVault pref pane area and make sure the lock on the lower left is locked. As you can see, with it locked the turn off FV option is greyed out and cannot be accessed. If you click the unlock you will be asked for an admin PW.

So with this setup a standard user can use the machine and access files in their user area without being able to turn off FileVault encryption.

[Image: I3Cmp0J.png]
 
Thanks, Weaselboy, you are always so helpful!! :apple:

(BTW, I assume that lock setting is reasonably secure and can't easily be bypassed, right?)

Sincerely,


Debbie
 
Only way around it is to enter the admin PW.

BTW, when I encrypt my HDD, I assume that FileVault 2 encrypts all User Accounts in one fell swoop, right?

So based on your advice above, I would set things up so only an Admin can turn on FileVault 2, but also allow both my Admin and my Standard accounts to "unlock" the HDD.

Then when I encrypt my HDD as an Admin, *all* accounts and *everything* on my HDD would be protected, right?

Sincerely,


Debbie
 
Yes, exactly. It is not just user accounts that are protected/encrypted... the entire disk is.
 
Okay, I think just about everything is in place, and I can finally install my MBP Factory Clone on my new HDD tonight, and finally get my new cMBP built!!

Thanks for your help!!


Debbie
 