Apple’s macOS has the ability to encrypt the hard drive of the system. If a user forgets this passphrase or is unable to unlock the system with the regular macOS password, a Personal Recovery Key (PRK) can be used to boot a system. Symantec Endpoint Encryption includes the ability to easily manage the Personal Recovery Keys for these macOS systems encrypted with FileVault.

In addition to managing the Personal Recovery Key, the SEE FileVault client can be configured to use an “Institutional Recovery Key” (IRK), so if the PRK or user password cannot unlock a system, the IRK can be used to do so. This article will cover how to configure the Institutional Recovery Key to be used in conjunction with Personal Recovery Keys.

See the following articles for additional information related to this topic:

- 213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server
- 213004 - Using a Personal Recovery Key to unlock a machine managed by the Symantec Endpoint Encryption FileVault Client
- 213006 - Using the SEE Helpdesk Web Portal to obtain the Personal Recovery Key for SEE FileVault clients

To create the Institutional Recovery Key, run the following command, which will create a keychain as well as the certificates for the IRK:

```
sudo security create-filevaultmaster-keychain /Library/Keychains/SEEFileVaultMaster.keychain
```

This will create a keychain called “SEEFileVaultMaster.keychain”, located in /Library/Keychains. You may not see the keychain you just created, and if you do not, simply drag the SEEFileVaultMaster.keychain into the list of keychains in Keychain Access. You’ll notice the keychain is locked by default. To be able to export the keys needed, you’ll need to unlock the keychain with the following command:

```
security unlock-keychain /Library/Keychains/SEEFileVaultMaster.keychain
```

The padlock will now show as unlocked.

You’ll also notice that there were two entries created:

FileVault Master Password Key (Private key)

In order to export the keys, you’ll need to unlock the keychain with the unlock command above and then right-click each of the files and export, or export both at once. Enter and confirm the passphrase of the FileVault Master Password keypair you wish to protect it with.

Important: The only key needed to import into the SEE Management Server is the “FileVault Recovery Key” certificate, which is only the public portion of the certificate/key. The keypair should be stored off the server in a secure location, and only the people who require it should have access to this key.

Once you have exported the certificate, you can then upload it to the SEE Management Server: Check the box for “Use Institutional Recovery Key” and browse to the public portion you just exported with the. This will include this public certificate in the SEE FileVault client, so if a user is unable to log in to the system, this key can be used to unlock the system. If you check the box, but do not browse to a key, you’ll get the following error:

The SEE FileVault client has some additional features that will be helpful to you. In a scenario where multiple users may exist on a machine, the “Secure Token” attribute must be set for the users to be automatically added as FileVault users. If a user “Bob” has the “Secure Token” attribute set, but “Sally” does not, then Sally will not be enabled as a FileVault user.