Disabling FileVault 2 with fdesetup on Mountain Lion and Mavericks
Recently, I was asked how to disable FileVault 2 without needing to go into System Preferences. The general idea was that an organization may want to provide their users without admin rights a way to turn off FileVault 2 on an as-needed basis.
Most of the work I’ve done has been focused around turning on FileVault 2 and managing it, rather than providing a way for users to turn it off. That said, fdesetup on both Mountain Lion and Mavericks provides a way to disable FileVault 2 with proper authorization.
To disable FileVault 2 on the Mac you’re logged into, run the following command with root privileges:
You’ll be prompted for either the password of an enabled user or a personal recovery key.
Note: If a personal recovery key was not set up on a particular Mac, you’ll only be prompted for the password of an enabled user.
Once the password or personal recovery key has been entered, the Mac will begin to decrypt.
For those who want to automate this procedure, you can do this using an expect script or other means. As an example, I’ve written an expect script which automates running the fdesetup disable process described above.