I have two following main goals: 1. Secure complete hard disk by encrypting it 2. Guest account access a) for people to quickly access internet b) as a honey pot account to have thieves login and help me with retrieval of the device if stolen My setup I use multiple accounts myself to help me focus on tasks (1 personal (w/ admin access), 1 university, 1 office) and make use of fast user switching. As far as I understand FileVault 2 accounts are granted permissions to decrypt the drive. So my questions are: 1) Does it suffice to grant my personal account permissions to decrypt the drive, and use fast user switching to login to my other accounts? 2) If I'm logged into my personal account, and switch back into the login screen can people login to the guest account? 3) What are the preferred choices for theft recovery applications when FileVault 2 is enabled (LoJack, Prey, or Undercover) ?