homebysix/jss-filevault-reissue

Without user consent should be reissue the key

mani2care opened this issue · 1 comments

As of device managed by JAMF, may I correct,
and it's approved also.
Again and again, why do we keep on asking the user to enter the password?

Here I would like to auto process without the user password; can it trigger the new key? Is that possible?

Generation of a new FileVault key requires an account with FileVault authorization. If you already have such an account, you can use fdesetup changerecovery -personal to generate the key with that account's credentials, rather than prompting the logged in user. Refer to the section called Managing Individual And Institutional Recovery Keys on Rich Trouton's post Managing macOS Mojave’s FileVault 2 with fdesetup for details.

(Careful: if you choose to automate this process using a shared "local admin" password via Jamf, your password may need to be stored somewhere that would put it at risk of being seen by other Jamf admins, like in the script parameters.)
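A sketch of the approach described in the reply above, as an added example that is not code from jss-filevault-reissue: it feeds `fdesetup changerecovery -personal` a Username/Password property list on stdin via `-inputplist`, so the password never appears in script parameters or on a command line. The account name, the secret-file path, and the choice to keep the password in a file private to the calling user are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; not code from jss-filevault-reissue.
# Assumed inputs: $1 = FileVault-authorized account, $2 = path to a secret file.

# Escape XML special characters so any password survives inside <string>.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Emit the Username/Password property list that -inputplist reads on stdin.
build_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>$(xml_escape "$1")</string>
    <key>Password</key>
    <string>$(xml_escape "$2")</string>
</dict>
</plist>
EOF
}

# True only for a regular file (not a symlink) owned by the calling uid
# with no group or other permission bits set.
secret_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -lnd "$1" | awk '{ print substr($1, 1, 10), $3 }')
    case "$perms" in
        "-r"?"------- $(id -u)") return 0 ;;
        *) return 1 ;;
    esac
}

reissue_key() {
    if ! secret_file_is_private "$2"; then
        echo "refusing: $2 must be readable only by uid $(id -u)" >&2
        return 1
    fi
    # The password moves through shell builtins and pipes, never a process argv.
    build_plist "$1" "$(cat "$2")" | fdesetup changerecovery -personal -inputplist
}

if [ "$#" -eq 2 ]; then
    reissue_key "$1" "$2"
fi
```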