My employer has given me a very nice MacBook Pro and I am considering using it as my private computer, since it is more practical only having one laptop. It should not be a problem with my employer as long as I don't install any pirated software and generally don't use it for illegal activities. The only thing that concerns me is my own privacy, since remote management is enabled so IT admins can go check on my system at will. Additionally, the work account is set up with active directory. So today I got this idea: What if I set up a separate user, disable remote management for that user and enable filevault for the entire system. That way they should only be able to access my work user, but would they be able to override file access permissions by enabling the root user? I know you can do that without filevault enabled, but would filevault stop them from seeing my files? They still have remote access to one account after all.