
Add new owner to SafeGuard 7 for Mac

I have successfully bound a MacBook Pro running Yosemite to our Active Directory Network. I created a user in AD called "Mac User" and logged in to the Mac using this Network ID. I successfully installed SafeGuard and it correctly talks to the SafeGuard Management Server.

So far so good.  This is big progress.

When I reboot, the FileVault pre-boot environment comes up with MacUser as the only user who can log in.

If I add myself - another user in AD - as the new owner in SafeGuard Management and save the DB and sync the MacBook and I reboot, the user MacUser is STILL the only user that can log in to the FileVault pre-boot environment.

This is something that works on Windows 7 much more cleanly. Otherwise, the only way to install SafeGuard on a Mac is to make sure you are using the account for the person the machine belongs to. We're supposed to have more flexibility than that.

Suggestions?

Thanks.

Adam in DC

  • Status update.  After the disk was finished encrypting and I rebooted, the Pre-boot authentication expanded to include Mac User and two local non-network accounts:  "admin" and "it staff."

    They now show up as users on the SG Mgmt Console as "adopted users."

    But the assigned owner of the machine still does not show up.

    Adam in DC

  • Hi Adam,

    Unfortunately, the FileVault2 PBA provides limited functionality in comparison to the SafeGuard Device Encryption POA you might know from your Windows clients.

    Adding Users to the OS X FileVault2 PBA is a local process and cannot be performed remotely via the SafeGuard Management Center.

    From the sgdeosx_7_Administrator help.pdf:

    "4.4 Add FileVault 2 User

    Only users that are already registered for FileVault 2 at the endpoint will be able to log on to the system after a restart. In order to add a user to FileVault 2 proceed as follows:

    1. While the Mac is still running, log on with the user you want to register for FileVault 2.
    2. Provide the credentials of that user in the dialog Enable Your Account. If you are using Mac OS X version 10.8, the user's own credentials as well as those of a user already active in FileVault 2 will be requested. With Mac OS X version 10.9 this is no longer necessary.

    Therefore, with the exception of Mac OS X version 10.8, users will be able to log on as easily as if there was no disk encryption enforced"

    Regards,

    ChrisD

  • Hi Chris:

    Thanks for the quick reply.  I was just reading the admin pdf when you replied with the same section I was reading.  Unfortunately, it hasn't quite resolved the issue.

    First, to make sure I understand this, with FileVault 2, it's an endpoint action as well as a Management server action. On the endpoint, I need to log in as the user I want to make an "owner" and enable that user. Where?

    In my case, Yosemite is 10.10.3 and I go into the Security and Privacy pane and go to FileVault. It shows that FileVault is turned on for the disk "Macintosh HD" and "A recovery key has been set."

    After that...nothing.  No "enable user."

    In this case, the user is me - an AD User logging in.  Not a local non-AD user.  The other local non-AD users on the Mac showed up at pre-boot after the first boot - after my original post.

    If the enable user button existed, then I could enable myself as an owner. Is there some additional Mac download necessary for that to show up?

    Thanks.

    Adam in DC

  • I just added a new local user - "localadmin" and he showed up in the preboot.

    The only thing missing from the user not showing up - is that I didn't "make it mobile."  Maybe that's the difference?

    Will let you know.

    Adam in DC

  • That was it. You need to make the user Mobile on the Mac for it to show up as an authorized FileVault user.

    Not documented as far as I can tell.  But it is now, at least here.

    Adam in DC
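
As an added example (not part of the original thread and not Sophos code), the script below compares the accounts enabled for FileVault 2 with the users who are expected to unlock the disk, and reports whether a missing one is a mobile account, the condition this thread identified. It assumes `fdesetup list` prints one `shortname,UUID` line per enabled user and that a mobile account's `AuthenticationAuthority` contains `;LocalCachedUser;`; the function names, user names and sample values are constructed.

```shell
#!/bin/sh
# Added example: audit which expected users can unlock FileVault 2 at pre-boot.
# On the Mac, run as root with the expected short names, e.g.: sh fv_audit.sh macuser adam

# Constructed sample of `fdesetup list` output, used when not running on a Mac.
SAMPLE_LIST='macuser,11111111-2222-3333-4444-555555555555
localadmin,66666666-7777-8888-9999-000000000000'

# Print each expected user that is absent from `fdesetup list` output.
# $1 = list output ("shortname,UUID" per line); remaining args = expected short names.
fv_missing_users() {
    fv_list=$1; shift
    for want in "$@"; do
        printf '%s\n' "$fv_list" | cut -d, -f1 | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Succeed if a dscl AuthenticationAuthority value belongs to a mobile
# (locally cached) network account. The marker string is an assumption.
is_mobile_authority() {
    case $1 in
        *";LocalCachedUser;"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on a live system: why is each missing user not offered at pre-boot?
fv_audit() {
    list=$(fdesetup list) || return 1
    for u in $(fv_missing_users "$list" "$@"); do
        auth=$(dscl . -read "/Users/$u" AuthenticationAuthority 2>/dev/null || true)
        if [ -z "$auth" ]; then
            echo "$u: no local record; likely a network account that is not mobile"
        elif is_mobile_authority "$auth"; then
            echo "$u: mobile account, not yet enabled; log in as $u and enable the account"
        else
            echo "$u: local account, not enabled for FileVault 2"
        fi
    done
}

if command -v fdesetup >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    fv_audit "$@"
else
    fv_missing_users "$SAMPLE_LIST" macuser adam   # sample run
fi
```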

  • Hi Adam,

    Thanks for sharing your solution!

    I will forward the thread to the responsible team. If not documented, we're going to provide a Knowledge Base article until a new release with an updated manual is available.

    Have a good weekend! 

    Regards,

    ChrisD
