Skip to main content

Allow users in Jamf Pro permission to view FileVault Recovery Keys

Updated over 3 months ago

Description

This article provides steps to grant Jamf Pro user accounts with custom privileges the necessary privileges to be able to view FileVault Recovery Keys.

These steps are needed for Jamf Pro admins:

  • seeing "Access Denied" when trying to open computer records in order to view the recovery key

  • that do not see the Personal Recovery Key/Institutional Recovery Key field displaying in the computer record

Adjusting User Permissions for Recovery Keys

  1. In Jamf Pro Settings go to Settings > System > User accounts and groups.

  2. Click New > Create Standard Account or open the user/group that needs adjustment and click Edit.

  3. Click Privileges.

  4. Click Jamf Pro Server Actions and check the box to enable View Disk Encryption Recovery Key.

  5. Click Jamf Pro Server Objects give Read permission for:

    • Computers

    • Disk Encryption Configurations (Full-Access Jamf Pro users only, option will not show for users assigned to a site)

    • Disk Encryption Institutional Configurations (if using institutional recovery key, which is not recommended)

  6. Click Save.

  7. The Jamf Pro user now has access to FileVault Recovery Keys.


Did this answer your question?