This article will outline how to deploy File Vault 2 manually on an existing computer, as well as how to use the administrator interface to validate correct setup. A walkthrough of recovery token retrieval is also provided. File Vault is managed through the JAMP Casper client, thus the Casper client is required before encrypting. Below are the requirements for Casper installation:
Casper/FV2 Deployment Requirements
- Machine has Mac OS X 10.8 or above
- Machine has a standard Apple recovery partition
- Machine has JAMF Casper agent installed
- Machine is NOT already FileVault 2 encrypted
Casper/FV2 Deployment Preferred
- Machine user account login should identify Northwestern user
- Machine computer name should identify Northwestern department
- Machine is bound to a Northwestern Windows Active Directory domain
- Machine has client backup software prior to encryption
- Machine is up to date will all Mac OS X updates
Installing the Casper Client
- Note: Please check with your local IT group before starting the encryption process since they may have different methods for enabling and managing device encryption.
- Download and install the Casper client from here. You'll need the admin password for your machine.
- After installation, open the "Self Service" app from applications, or use spotlight to search for "Self Service".
- Log in with your NetID and password.
- From either the Featured or the Settings section select Encrypt Me from the "NU FileVault 2 Encryption" option. When prompted again, select Encrypt Me.
- When a pop up message appears, select OK then log out.
- To log out, click the Apple icon in the top left of the screen and select Log Out.
- After logging out, you will be prompted for your account password to begin FileVault encryption. Enter your logged in account password and select OK.
- Your computer will automatically reboot. You may see a BLACK SCREEN for 1-2 minutes after the FV2 process begins, but then it should present the normal user log-in screen.
- If you are stuck on a BLACK SCREEN for more than 5 minutes, force shutdown the machine. Then boot into SAFE MODE by holding the SHIFT key while pressing the power button. Then reboot normally.
- Upon login you can use your system while encryption is taking place.
System Changes after Setup
- Note: The initial FileVault 2 encryption process may take several hours to complete and optimize.
- You can check status of FileVault 2 encryption process by going to System Preferences > Security & Privacy > FileVault
- The Encryption policy settings will enforce encryption on all internal system drives, however will not encrypt any removable storage (e.g. External hard drives, USB flash drives, etc.)
- After FileVault 2 is enabled, if a recovery key is required, contact the IT Support Center at consultant@northwestern.edu, or 847-491-4357 (1-HELP), or your local IT. Support staff can generate a recovery key upon request.
Casper Admin Portal
The Casper IT Admin Portal is a place where Departmental IT Support Staff can recover keys, audit key recovery, and review encryption status during the encryption process. To request access please contact Northwestern IT at consultant@northwestern.edu
DDCA for the requesting department/school will need to approve all requests. The URL for the portal is https://evcasper.ci.northwestern.edu:8443/
Encrypting external media
- This section will outline how to deal with non-boot volumes, external hard drives, USB flash drives and so on, which FileVault is not designed to encrypt automatically.
- FileVault Requirements:
Any volume to be encrypted with FileVault must be formatted as OS X Extended (Journaled). Other format types, like FAT for example cannot be encrypted with FileVault.
- In Finder, right-click (or control-click) on the volume you wish to encrypt. From the menu, choose Encrypt "volume". For example, in the screenshot below we are about to encrypt the “Data” volume on a USB flash drive.
- Enter a password and hint into the dialog box. It is imperative that you do NOT lose this password, as it will not be stored in Casper. Losing this password means you will not be able to unlock the drive AT ALL, and all data will be lost.
- When done entering a password and hint, press Encrypt Disk.
- Encryption compeltion time can vary greatly. A small 8 GB flash drive with little to no data may take minutes. A giant 4 TB external hard drive full of data might take many hours.
- When encryption is complete, the next time you plug your device into your Mac you will be prompted to enter the password you set in the previous step, as shown below. Press Unlock to access the contents.
-
- Note:You can check the box to "Remember this password in my keychain". This will store the password so that you don't have to enter it every time. Do this at your own discretion.
Keywords: file vault 2, file vault, fv2, encrypt external media, casper admin
Created: 2017-01-21 20:11:33
Updated: 2019-02-04 16:58:03