
Notice - Non DEP Systems Only

This document is for systems that do not use DEP for deployment. For DEP-enrolled systems, please see here.




FileVault full-disk encryption helps to prevent unauthorized access to the information on your startup disk.

FileVault on Izzy-supported systems should only be enabled through the IzzyWeb interface by selecting the appropriate Policy Domain (typically: "Notebook + IronIzzy (encryption)").

FileVault is enabled through Izzy at build time, during the pairing process, by selecting the "Notebook + IronIzzy (encryption)" Policy Domain, or at a later time by escalating the system's Policy Domain from "Desktop" to "Notebook + IronIzzy (encryption)".

When FileVault is enabled through Izzy, an encryption recovery key (Unlock Code) is generated, securely transferred, and stored in IzzyWeb. This Unlock Code can be used to access the system in cases where the password may have been lost or compromised.

Also by enabling FileVault through IzzyWeb, pass-through authentication is enabled, so that the system user only needs to enter their password once to unlock the disk and access their user profile.

The most important step in turning on FileVault on an Izzy system is to "Enable Users…" for the account(s) that will be the primary user(s) on the system. This presents the enabled accounts at the boot screen and enables pass-through authentication to their user profile. Failing to do this correctly may deny the user access to the system at a future point in time.
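A post-build check that the intended primary accounts were actually enabled, as an added example (not part of the original page or of the Izzy tooling): it parses the `shortname,UUID` lines printed by the macOS `fdesetup list` command and reports any expected account that is missing. The function name, account names and UUIDs are constructed for illustration; the script only verifies, and FileVault itself is still enabled through IzzyWeb.

```shell
#!/bin/sh
# Added example: report which expected accounts are NOT FileVault-enabled.
# Input format is that of `sudo fdesetup list`: one "shortname,UUID" per line.

# missing_fv_users "<fdesetup list output>" user1 [user2 ...]
# Prints each expected user that is absent from the list.
# Returns 0 only if every expected user is present.
missing_fv_users() {
    fv_list=$1
    shift
    rc=0
    for user in "$@"; do
        # Exact, whole-field match on the short name (text before the comma),
        # so "jd" does not count as present just because "jdoe" is.
        if ! printf '%s\n' "$fv_list" | cut -d, -f1 | grep -Fxq -- "$user"; then
            printf '%s\n' "$user"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output (account names and UUIDs are made up).
SAMPLE_LIST='m-admin,11111111-2222-3333-4444-555555555555
jdoe,66666666-7777-8888-9999-AAAAAAAAAAAA'

# On a real Mac, run as an admin:
#   missing_fv_users "$(sudo fdesetup list)" m-admin jdoe
if [ "${1:-}" = "--demo" ]; then
    missing_fv_users "$SAMPLE_LIST" m-admin jdoe asmith
fi
```

Any name this prints will not appear at the boot screen and cannot unlock the disk, so enable it before handing the system over.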

...


Steps to build an Izzy system with encryption and Enable Users

Build the system through the standard IzzyBoot process. During the Izzy "Pairing" process you will be given the option to select a Policy Domain. To build the system with encryption select the Policy Domain with "Notebook + IronIzzy (encryption)" as follows:


(The above example shows a system built in the Rackham Izzy organization. The above will vary by organization but you will see a "Notebook + IronIzzy (encryption)" option if available.)

Once the system has completely finished building and restarted, you'll be presented with the boot screen prompting for a Disk Password. The default disk password is "biberli".



After you have entered the Disk Password you will be presented with the Login Screen. It is recommended to first log in with an account that has admin credentials (typically a unit m- or # account created in Active Directory and placed in the appropriate AD admins group). The reason for this is that to Enable Users in FileVault, the account must have admin credentials and exist locally on the system. (See Failure Error below.)

...

If you run into any issues or have questions, reach out to us in the Mac room on Slack!