Body
For macOS computers owned by the University of Maine System, encryption is required and configured during initial setup. University-owned devices are automatically enrolled in JAMF during setup and will have encryption deployed with an individual key, unique to each device. However, some devices were set up prior to being enrolled in JAMF. Users can generate a new key which will be stored in JAMF as long as it is actively enrolled. While these directions are anticipated for UMS IT staff, they are relevant for any macOS faculty and staff user.
Instructions
- Make sure the Mac is connected to the internet, and open Terminal.
- Run the command sudo jamf recon
- This will attempt to connect to our JAMF and update its inventory for that machine.
- If the command fails, contact UMS IT Support and open a ticket with the serial number.
- If successful, the command will report that the inventory has been submitted.
- Run the command sudo fdesetup list
- This will return the list of users on the machine that can unlock the FileVault encryption.
- If there is not an account listed that you know the password for, stop and contact UMS IT Support
- Run the command sudo fdesetup changerecovery -personal
- When finished after Step 8 below, this will make a new Recovery Key and display it to allow you to save/reference later.
- Enter the username of the account you know the password for from the list provided from Step 5 above.
- Enter the password for the account username you entered in Step 7 above.
- Save the resulting new Recovery Key somewhere off the Mac (such as writing it on paper), just in case you need it the next time you update and reboot the Mac.
- Run the command sudo jamf recon as in Step 2 to submit the new Recovery Key into our management system.
Environment
- University-owned JAMF-managed macOS computers.