I am not sure how many people use this but I think a few environments would find it handy. If you are responsible for a large number of Mac computers and need to run Full Disk Encryption this may be of some help. The script will assist with the automation of encrypting Filevault 2 while taking the recovery key that is created and putting it into your Active Directory or Open Directory system. If you don’t know what Active or Open directory are you probably should stop reading, though maybe I have piqued your interest.
Suffice to say the script will do the following:
- Detect if you are connected to an Active Directory or Open Directory system
- It will prompt you for authentication to both the local system as well as the directory system it will store the recovery key in.
- Several tests to validate computer name, directory connectivity, and authorization occur.
- Lastly, I save the recovery key on the local hard drive if most everything passes but the key isn’t store properly stored in the directory.