Skip to main content

FileVault Behavior with Jamf Connect

Updated over 2 weeks ago

Description

When a FileVault encrypted computer with Jamf Connect login restarts, the end user has to enter their FileVault password at the FileVault window. You have the option of enabling or disabling Automatic FileVault login. When enabled, FileVault passes the credentials to Jamf Connect login and the end user is not prompted to sign in with Jamf Connect login.

Important: The FileVault login window will only present itself when a reboot occurs. We do not have the ability to skip the FileVault window entirely due to Apple's native security framework.


Enabling Automatic Login:

In the Jamf Connect login configuration profile, set the DenyLocal preference key to false.

<key>DenyLocal</key> 
<false/>


Disabling Automatic Login

If we disable automatic FileVault login, after computers reboot the end user will have to enter their password at the FileVault window in addition to the usual Jamf Connect login window(s).

There are two options for disabling automatic login:

  • In the Jamf Connect login configuration profile, set the DenyLocal preference key to true.

    <key>DenyLocal</key> 
    <true/>

  • Create a custom configuration profile on the Applications & Custom Settings > Upload payload in Jamf Pro with the following settings:

    • Preference domain: com.apple.loginwindow

    • plist

      <?xml version="1.0" encoding="UTF-8"?> 
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
      <key>DisableFDEAutoLogin</key>
      <true/>
      </dict>
      </plist>


More Resources

For more information see Turning on FileVault with Jamf Connect.


Did this answer your question?