How to enforce FileVault 2 (not legacy) on network users

Discussion in 'Mac OS X Server, Xserve, and Networking' started by CNU182, Dec 19, 2011.

  1. CNU182 macrumors regular

    Oct 9, 2003
    Not sure if this is possible. With 10.6 Server, I had users authenticate with their LDAP credentials, which then would create a FileVault-encrypted mobile account. Everything is working as normal with 10.7 Server, except for the fact that it enforces "legacy FileVault", or FileVault 1, instead of 2. I'm guessing this is due to the whole-disk encryption feature. I tried encrypting my deployment image prior to deployment, which seemed to work but ultimately failed, as the FV2 settings did not transfer over to the machine to be imaged. Any insight on provisioning network users and forcing FV2?

  2. crazzyeddie macrumors 68030


    Dec 7, 2002
    Florida, USA
    Each machine needs to be set up using FileVault initially, then each user that is added automatically gets the benefit of the encrypted drive.

    You would also not want to "clone" a FileVault 2 image, as each recovery key would be the same, allowing your entire deployment to be compromised by hacking just one machine (a little paranoid, but your setup seems to be extremely security-focused).

