File Vault 2 Administration

1. Note: Please check with your local IT group before starting the encryption process since they may have different methods for enabling and managing device encryption.


2. Download and install the Casper client from here. You'll need the admin password for your machine.
3. After installation, open the "Self Service" app from applications, or use spotlight to search for "Self Service".
4. Log in with your NetID and password.
5. 
6. From either the Featured or the Settings section select Encrypt Me from the "NU FileVault 2 Encryption" option. When prompted again, select Encrypt Me.
7. When a pop up message appears, select OK then log out.
   • To log out, click the Apple icon in the top left of the screen and select Log Out.
8. After logging out, you will be prompted for your account password to begin FileVault encryption. Enter your logged in account password and select OK.
9. Your computer will automatically reboot. You may see a BLACK SCREEN for 1-2 minutes after the FV2 process begins, but then it should present the normal user log-in screen.
   • If you are stuck on a BLACK SCREEN for more than 5 minutes, force shutdown the machine. Then boot into SAFE MODE by holding the SHIFT key while pressing the power button. Then reboot normally.
10. Upon login you can use your system while encryption is taking place.

1. Note: The initial FileVault 2 encryption process may take several hours to complete and optimize.
   • You can check status of FileVault 2 encryption process by going to System Preferences > Security & Privacy > FileVault
2. The Encryption policy settings will enforce encryption on all internal system drives, however will not encrypt any removable storage (e.g. External hard drives, USB flash drives, etc.)
3. After FileVault 2 is enabled, if a recovery key is required, contact the IT Support Center at consultant@northwestern.edu, or 847-491-4357 (1-HELP), or your local IT. Support staff can generate a recovery key upon request.

The Casper IT Admin Portal is a place where Departmental IT Support Staff can recover keys, audit key recovery, and review encryption status during the encryption process. To request access please contact Northwestern IT at consultant@northwestern.edu

DDCA for the requesting department/school will need to approve all requests. The URL for the portal is https://evcasper.ci.northwestern.edu:8443/

• This section will outline how to deal with non-boot volumes, external hard drives, USB flash drives and so on, which FileVault is not designed to encrypt automatically.


• FileVault Requirements:
  Any volume to be encrypted with FileVault must be formatted as OS X Extended (Journaled). Other format types, like FAT for example cannot be encrypted with FileVault.

1. In Finder, right-click (or control-click) on the volume you wish to encrypt. From the menu, choose Encrypt "volume". For example, in the screenshot below we are about to encrypt the “Data” volume on a USB flash drive.
   • 
2. Enter a password and hint into the dialog box. It is imperative that you do NOT lose this password, as it will not be stored in Casper. Losing this password means you will not be able to unlock the drive AT ALL, and all data will be lost.
3. When done entering a password and hint, press Encrypt Disk.
   • Encryption compeltion time can vary greatly. A small 8 GB flash drive with little to no data may take minutes. A giant 4 TB external hard drive full of data might take many hours.
4. When encryption is complete, the next time you plug your device into your Mac you will be prompted to enter the password you set in the previous step, as shown below. Press Unlock to access the contents.
   • ​​​​​​​
   • Note:You can check the box to "Remember this password in my keychain". This will store the password so that you don't have to enter it every time. Do this at your own discretion.