How to enforce file vault 2 (not legacy) on network users

[CNU182]

Not sure if this is possible. With 10.6 server, I had users authenticate with their ldap credentials, which then would create a filevault encrypted mobile account. Everything is working as normal with 10.7 server, except the fact that it enforces "legacy filevault" or filevault 1 instead of 2. I'm guessing this is due to the whole disk encryption feature. I tried encrypting my deployment image prior to deployment, which seemed to work but ultimately failed, as the FV2 settings did not transfer over to the machine to be imaged. Any insight on provisioning network users and forcing fv2?

Thanks in advance

 

[crazzyeddie]

Each machine needs to be setup using Filevault initially, then each user that is added automatically gets the benefit of the encrypted drive.

You would also not want to "clone" a Filevault2 image, as each recovery key would be the same, allowing your entire deployment to be compromised by hacking just one machine (a little paranoid, but your setup seems to be extremely security focused).