
dantech12

macrumors newbie
Original poster
Jan 21, 2015
Hi Everyone,

I hope I am posting this in the correct place and I'd love some recommendations.

We get all of our employees MacBook Airs or Pros. I had a situation where an employee left the company and had turned on FileVault. Some data needed to be retrieved from the laptop. Luckily the employee was able to give me her password.

For the future, are there any recommendations you guys have to prevent this? Is there a way to disable FileVault? Or any ways to always be able to get into the system from a master password if FileVault is turned on? Any third-party tools that will help?

Thanks!
 
Turn on FileVault before you give the machine to the employee. Then keep the password to yourself. The employee won't need to have it.
 
Just as clarification for what chabig wrote, turn on FileVault before giving the machine to the employee, creating a default admin account. When activating, it will give the option to store a recovery key in iCloud or to give you the key. Choose to not store the key in iCloud. Write down the key on the invoice or something before it is given to accounting so it will be filed away in a recoverable manner.
 
Turn on FileVault before you give the machine to the employee. Then keep the password to yourself. The employee won't need to have it.

This doesn't seem right. What's the point of FileVault if you don't need the password to access the drive?
 
Awesome suggestions. I see what he is saying. I am testing it out now. When you set up FileVault it gives you a key that you can use to access the drive and reset the password in case you forget the password.
 
This doesn't seem right. What's the point of FileVault if you don't need the password to access the drive?

I'll take that as a serious question. The volume is unlocked when the user logs in. Non-users of the machine have no access to the data on the drive, even if it's removed from the machine. So it IS password protected.
 
I'll take that as a serious question. The volume is unlocked when the user logs in. Non-users of the machine have no access to the data on the drive, even if it's removed from the machine. So it IS password protected.

I think the other poster cleared up my confusion. I forgot that there was a "backdoor" access code for FileVault when you turn it on, one that you don't have to share with the user.

Of course the user will have to know his own password.
 
This could be undone if the user turns off FV, waits for the drive to be unencrypted, then turns FV back on again. There will be a new recovery key. Not sure if you can prevent that. If the user doesn't have an admin account password, then they probably can't turn FV off. Be careful about handing out an admin password.
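
An added example, not part of the thread or any poster's code: a shell check for the case raised in the last post, where an off/on cycle leaves a recovery key on the Mac that no longer matches the one filed away. It assumes macOS's `fdesetup` tool (`status`, `haspersonalrecoverykey`, `validaterecovery`); the function names `fv_state` and `fv_verdict` are made up for illustration.

```shell
#!/bin/sh
# Added example: checks that the recovery key on file still unlocks this Mac.
# fv_state / fv_verdict are illustrative names, not part of any Apple tool.

# Classify the text printed by `fdesetup status`. Progress lines are matched
# first because they are printed alongside an On/Off line.
fv_state() {
    case "$1" in
        *"Decryption in progress"*) echo decrypting ;;
        *"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# $1 = output of `fdesetup status`
# $2 = output of `fdesetup haspersonalrecoverykey` (true/false)
# $3 = result of `fdesetup validaterecovery` after typing the key on file
#      (true/false), or "unchecked" if that step was skipped
# Returns 0 = recoverable, 1 = not recoverable, 2 = not yet verified.
fv_verdict() {
    fv_s=$(fv_state "$1")
    if [ "$fv_s" != on ]; then
        echo "FAIL: FileVault state is $fv_s; the key on file may be stale"
        return 1
    fi
    if [ "$2" != true ]; then
        echo "FAIL: no personal recovery key exists on this volume"
        return 1
    fi
    # A key exists even after an off/on cycle, so existence alone proves
    # nothing: only validation against the filed key detects a rotation.
    case "$3" in
        true)  echo "OK: the key on file unlocks this volume"; return 0 ;;
        false) echo "FAIL: key on file rejected; it was rotated, re-escrow"; return 1 ;;
        *)     echo "WARN: run 'fdesetup validaterecovery' with the key on file"; return 2 ;;
    esac
}

# Live use on the Mac, as root: run `fdesetup validaterecovery` yourself
# first, then pass its true/false result as the first argument.
if [ "$(uname -s)" = Darwin ] && [ "$(id -u)" -eq 0 ]; then
    fv_verdict "$(fdesetup status)" "$(fdesetup haspersonalrecoverykey)" "${1:-unchecked}"
fi
```

Running this on a schedule, or whenever a laptop comes back for service, catches a rotated key while the employee is still around to log in.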
 