FileVault question

Discussion in 'MacBook Air' started by dantech12, Jan 22, 2015.

  1. dantech12 macrumors newbie

    Joined:
    Jan 21, 2015
    #1
    Hi Everyone,

    I hope I am posting this in the correct place and I'd love some recommendations.

    We get all of our employees MacBook Air's or Pro's. I had a situation where an employee left the company and had turned on FileVault. Some data needed to be retrieved from the laptop. Luckily the employee was able to give me her password.

    For the future are there an recommendations you guys have to prevent this? Is there a way to disable filevault? Or any ways to always be able to get into the system from a master password if filevault is turned on? Any third party tools that will help?

    Thanks!
     
  2. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #2
    Turn on FileVault before you give the machine to the employee. Then keep the password to yourself. The employee won't need to have it.
     
  3. dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #3
    Just as clarification for what chabig wrote, turn on FileVault before giving the machine to the employee, creating a default admin account. When activating, it will give the option to store a recovery key in iCloud or to give you the key. Choose to not store the key in iCloud. Write down the key on the invoice or something before it is given to accounting so it will be filed away in a recoverable manner.
     
  4. motrek macrumors 68020

    Joined:
    Sep 14, 2012
    #4
    This doesn't seem right. What's the point of FileVault if you don't need the password to access the drive?
     
  5. dantech12 thread starter macrumors newbie

    Joined:
    Jan 21, 2015
    #5
    Awesome suggestions. I see what he is saying. I am testing it out now. When you setup filevault it give you a key that you can use to access the drive and reset the password in the case that forget the password.
     
  6. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #6
    I'll take that as a serious question. The volume is unlocked when the user logs in. Non-users of the machine have no access to the data on the drive, even if it's removed from the machine. So it IS password protected.
     
  7. motrek macrumors 68020

    Joined:
    Sep 14, 2012
    #7
    I think the other poster cleared up my confusion. I forgot that there was a "backdoor" access code for FileVault when you turn it on, one that you don't have to share with the user.

    Of course the user will have to know his own password.
     
  8. mfram macrumors 65816

    Joined:
    Jan 23, 2010
    Location:
    San Diego, CA USA
    #8
    This could be undone if the user turns off FV, waits for the drive to be unencrypted, then turns FV back on again. There will be a new recovery key. Not sure if you can prevent that. If the user doesn't have an admin account password, then they probably can't turn FV off. Be careful about handing out an admin password.
     

Share This Page