Archive for February 22, 2012

Cauliflower Vest – Dumb name, brilliant solution for enterprise-manageable FileVault 2 encryption

February 22, 2012

Google has rolled out Cauliflower Vest, an open-source FileVault 2 recovery key escrow solution that allows enterprise management of FileVault 2 encryption to go much further than was previously possible. It leverages the strengths of Apple’s non-enterprise recovery key system while bringing in additional features that most enterprise-focused environments are looking for.

At the moment, I’m going to start poking and prodding at this, but I wanted to take a moment to recognize the folks whose hard work brought this to the Mac community:

Anthony Lieuallen, Avi Drissman, Edward Marczak, Felix Gröbert, Greg Castle, John Randolph, Justin McWilliams, and Mark Mentovai

Thanks, guys.

Hiding a FileVault 2-enabled admin user with Casper

February 22, 2012

As mentioned in a prior post, it’s beneficial for Mac admins in a number of Mac environments to hide the IT administrator account so that it can’t be deleted or altered by other users on those Macs. One way you can hide the account is to create it using a UID that’s lower than 500.

However, when encrypting Macs with FileVault 2, an account needs to have a UID higher than 500 to be enabled to unlock the FileVault 2 encrypted drive. Unfortunately, that means that the account is now “visible” to the users that the Mac admin wants to hide it from.

Thanks to work by Allen Golbig, it looks like there’s an answer to this problem for Casper users. See below the jump for the procedure.


Categories: Casper, FileVault 2, Scripting