
Important: The only key needed to import into the SEE Management Server is the “FileVault Recovery Key” certificate, which is only the public portion of the certificate/key. The keypair should be stored off the server in a secure location, and only the required folks should have access to this key.

To create the Institutional Recovery Key, run the following command, which will create a keychain as well as the certificates needed to get the IRK:

    sudo security create-filevaultmaster-keychain /Library/Keychains/SEEFileVaultMaster.keychain

This will create a keychain called “SEEFileVaultMaster.keychain”, located in /Library/Keychains. You may not see the keychain you just created; if you do not, simply drag SEEFileVaultMaster.keychain into the list of keychains in Keychain Access.

You’ll notice the keychain is locked by default. To be able to export the keys needed, you’ll need to unlock the keychain with the following command:

    security unlock-keychain /Library/Keychains/SEEFileVaultMaster.keychain

The padlock will then show as unlocked. You’ll also notice that two entries were created:

FileVault Master Password Key (Private key)

In order to export the keys, unlock the keychain with the unlock command above and then right-click each of the files and export, or export both at once. Enter and confirm the passphrase you wish to protect the FileVault Master Password keypair with.
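
As an added example (not part of the original article or of Symantec's tooling), the shell check below classifies a file exported from the keychain, so that only the public “FileVault Recovery Key” certificate, and never the keypair described in the Important note, is uploaded to the SEE Management Server. The file names and the constructed sample bytes are assumptions for illustration.

```shell
#!/bin/sh
# Added example: classify a file exported from SEEFileVaultMaster.keychain before upload.

# Size of an ASN.1 tag+length header, given the first length byte (hex).
hdr_len() {
    case "$1" in
        80) echo 2 ;;                          # indefinite length (BER)
        81) echo 3 ;; 82) echo 4 ;; 83) echo 5 ;;
        [0-7]?) echo 2 ;;                      # short form
        *) echo 0 ;;                           # unsupported
    esac
}

# classify_export FILE -> certificate | private-key | pkcs12 | unknown
classify_export() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 0; }
    # PEM text: a private key block anywhere disqualifies the file.
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then echo private-key; return 0; fi
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then echo certificate; return 0; fi
    # Binary DER/BER: step over the outer SEQUENCE header.
    set -- $(od -An -v -tx1 -N 16 "$f")
    [ "${1:-}" = 30 ] || { echo unknown; return 0; }
    n=$(hdr_len "${2:-}")
    [ "$n" -gt 0 ] && [ "$#" -gt "$n" ] || { echo unknown; return 0; }
    shift "$n"
    # A PKCS#12 PFX (keypair bundle) begins with INTEGER version 3.
    [ "$1 ${2:-} ${3:-}" = "02 01 03" ] && { echo pkcs12; return 0; }
    # X.509 v3: tbsCertificate SEQUENCE, then the explicit [0] version field (value 2).
    [ "$1" = 30 ] || { echo unknown; return 0; }
    n=$(hdr_len "${2:-}")
    [ "$n" -gt 0 ] && [ "$#" -ge $((n + 5)) ] || { echo unknown; return 0; }
    shift "$n"
    [ "$1 $2 $3 $4 $5" = "a0 03 02 01 02" ] && echo certificate || echo unknown
}

# Succeeds only for a bare certificate; anything else stays in the secure store.
safe_to_upload() { [ "$(classify_export "$1")" = certificate ]; }

# Constructed sample headers (truncated, not real key material); names are assumptions.
make_samples() {
    printf '\060\202\003\012\060\202\001\362\240\003\002\001\002' > "$1/irk.cer"
    printf '\060\202\011\241\002\001\003\060\202' > "$1/pair.p12"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' > "$1/irk.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'constructed' > "$1/key.pem"
}

d=$(mktemp -d) && make_samples "$d"
for s in "$d"/*; do printf '%-9s %s\n' "${s##*/}" "$(classify_export "$s")"; done
rm -rf "$d"
```

The binary check reads only the leading ASN.1 headers, so it separates a certificate from a PKCS#12 bundle but does not validate the certificate itself.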

Symantec Endpoint Encryption includes the ability to easily manage the Personal Recovery Keys for macOS systems encrypted with FileVault. In addition to managing the Personal Recovery Key, the SEE FileVault client can be configured to use an “Institutional Recovery Key”, so that if the PRK or user password cannot unlock a system, the IRK can be used to do so. This article will cover how to configure the Institutional Recovery Key to be used in conjunction with Personal Recovery Keys.

See the following articles for additional information related to this topic:

Ģ13002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server
Ģ13004 - Using a Personal Recovery Key to unlock a machine managed by the Symantec Endpoint Encryption FileVault Client
Ģ13006 - Using the SEE Helpdesk Web Portal to obtain the Personal Recovery Key for SEE FileVault clients

Apple’s macOS has the ability to encrypt the hard drive of the system. If a user forgets this passphrase or is unable to unlock the system with the regular macOS password, a Personal Recovery Key (PRK) can be used to boot a system.

If the device is marked as Personally Owned in Intune, we will not be able to see the key from the Endpoint Portal. If the device is marked as Company Owned, we will be able to see the Recovery Key.

Do note that these screenshots may be outdated and are subject to change due to the nature of Microsoft’s ever-changing interface.

- Create a new Configuration Profile for MacOS and set Enable FileVault to Yes. Configure your organization’s security requirements and assign it to the appropriate groups. It is also worth noting that this profile will report as a failure until the user restarts and the disk is actually encrypted.
- Once deployed, FileVault will begin to encrypt after the next restart. The user will be prompted to enter their password to enable and present their device’s recovery key. If this is a User Enrolled (non-ADE) device, the user will need to write this key down to tell Intune what it is. If the device is automatically enrolled you can skip to step #8 as it will upload the key to Intune automatically. They will not see this key again unless the disk is unencrypted and FileVault is re-enabled.
- Direct the user to navigate to, click the hamburger menu in the upper left corner, and click Devices.
- Click on the FileVault encrypted device.
- Scroll down to the bottom and click Store Recovery Key.
- Enter the FileVault Key provided during encryption and click save.
- It will take a few moments for the key update to process.

Please refer to Intune for MacOS and How It’s Different for more information on how FileVault in Intune is managed.

Disclaimer: This blog is not intended to be advice on how to manage your environment. As the name suggests, these accounts are based on experiences I’ve had in my own lab. Always approach information you find outside (or inside for that matter) official documentation with skepticism and follow the golden rule: Never test in production.

This post is going to be fairly straightforward as I just wanted to document the full process so my customers can see it from both sides.
