Script to forcefully enable/disable FileVault on Mac.
FileVault is a security feature available on Mac computers that encrypts the contents of the startup disk. This helps to protect sensitive data from unauthorized access, even if the computer is lost or stolen. Although FileVault is an effective means of securing data on Mac computers, it can present some challenges for system administrators. Specifically, managing FileVault settings across multiple computers can be a time-consuming and error-prone process, particularly when dealing with a large number of devices.
One way to simplify the process of managing FileVault is by using a script to force enable or disable the feature. This script can be run on multiple machines simultaneously, saving time and reducing the chance of errors. By automating this process, system administrators can ensure that all machines are set up consistently and securely, without the need for manual intervention. The Execute Custom Script action lets you execute these customized scripts on different endpoints remotely.
Scripting language – Bash
File extension – .sh
Execute this script to enable FileVault without manual intervention.
sudo fdesetup enable -user <Username> -password <password>
The fdesetup command can be used to enable or disable FileVault. Replace <Username> and <password> with the username and password of the account for which FileVault is to be enabled.
Execute this script to disable FileVault without manual intervention.
sudo fdesetup disable -user <Username> -password <password>
What happens at the device end?
After pushing the script from the terminal, the disk encryption process begins silently without prompting the user. You can refer to this script document to check the encryption status.
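To confirm the result on each device after the script runs, the following added example (not part of the original page or the vendor's scripts) classifies `fdesetup status` output and maps the two warnings this page documents to their fixes. The status strings it matches are assumptions about typical fdesetup wording, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: interpret fdesetup output after the enable/disable script ran.

# Map `fdesetup status` text to a short state. The patterns are assumptions
# about the usual status wording. Progress lines are tested first because
# they can appear together with an "is On"/"is Off" line.
fv_state() {
  case "$1" in
    *"Encryption in progress"*) echo "encrypting" ;;
    *"Decryption in progress"*) echo "decrypting" ;;
    *"FileVault is On"*)        echo "on" ;;
    *"FileVault is Off"*)       echo "off" ;;
    *)                          echo "unknown" ;;
  esac
}

# Map the two warnings documented on this page to the fix the page gives.
fv_diagnose() {
  case "$1" in
    *"has a blank password"*) echo "blank-password: set a password for the listed user" ;;
    *"Add -keychain"*)        echo "keychain: re-run the command with the -keychain option" ;;
    *)                        echo "none" ;;
  esac
}

# Compare the wanted state ("on" or "off") with the reported status text.
# Return code: 0 = compliant, 1 = conversion still running, 2 = not compliant.
fv_check() {
  fv_want="$1"
  fv_got="$(fv_state "$2")"
  case "$fv_want:$fv_got" in
    on:on|off:off)                echo "compliant ($fv_got)"; return 0 ;;
    on:encrypting|off:decrypting) echo "in progress ($fv_got)"; return 1 ;;
    *) echo "NOT compliant (want $fv_want, got $fv_got)"; return 2 ;;
  esac
}

# On a Mac, check the live device; the first argument is the wanted state.
if command -v fdesetup >/dev/null 2>&1; then
  fv_check "${1:-on}" "$(fdesetup status 2>&1)"
fi
```

The return code of `fv_check` lets the management tool separate devices that are still converting from devices where the enable or disable command failed.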
- Warning: One or more Secure Token users, including Username has a blank password. Filevault enabling requires all users to have a password.
- Warning: master keychain was found. Add -keychain to explicitly specify the master keychain.
The fdesetup utility is unable to determine which keychain to use to access the master encryption key for FileVault full-disk encryption.
Solution: To resolve this error, you need to explicitly specify the keychain to use by adding the -keychain option to the fdesetup command.
For example:
Script to enable FileVault
#!/bin/bash
sudo fdesetup enable -user <Username> -password <password> -keychain /Library/Keychains/System.keychain
In this command, /Library/Keychains/System.keychain is the path to the system keychain, which is the master keychain used by the operating system to store sensitive information like encryption keys.
Solution: Set password for the