Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6031: Switching the "Managed by" user for FileVault 2 without disable and enable the group policy in Active Directory

Centrify Identity Service, Mac Edition ,  

12 April,16 at 10:59 AM

Applies to: Centrify DirectControl for Mac 5.2.3 or before

Question:

At the end of the description to "Enable FileVault 2" group policy or in the documentation of Suite 2015.1 or before , it states that:

A
ny setting changes (e.g. "Managed By" user or FileVaultMaster certificate) will not take effect, unless FileVault 2 is disabled manually and re-enabled via this GP.

Does this mean that in order to change one computer's "Managed By" user, the group policy will have to be re-abled or switched off for all users?


Answer:

Switching the "Managed by" user of one computer does not require disabling and enabling the FileVault 2 GP in AD. 

To change the “Managed By” user of a Mac OS X computer:

1. Disable FileVault 2 manually on the Mac OS X computer (Wait for the completion of decryption and restart the machine. Make sure the login screen is back to the normal user login page.)

2. On the AD side, change the “Managed By” user of the Mac OS X computer

3. Ensure that the Mac OS X computer can communicate with the domain controller (that is, it is in connected mode) so that it can fetch the new “Managed By” user information from Active Directory.

After you complete these steps, FileVault 2 protection is enabled on the Mac OS X computer the next time the new “Managed By” user logs into the Mac OS X computer.


Resolution:

The above information is included in the Centrify's Administrator’s Guide for Mac OS X since Suite 2016 (Centrify Direct Control for Mac 5.3.0).

Please refer to the document for more information (e.g. how to change the FileVaultMaster certificate)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles