FileVault can't be managed after you successfully install MNE and enable the following policy options:
- Turn on (Enable) FileVault
- Prompt user to create a recovery key on already enabled systems
The status of FileVault reported at the ePolicy Orchestrator (ePO) console remains disabled.
This problem is seen on systems where the FileVault password and the Mac User Logon password are different.
Authentication fails when the user is prompted to enter the MNE FileVault password. Authentication also fails after the user tries to enter the User Logon password.
NOTES:
- The user expects to enter the FileVault password when the following policy option is enabled:
  - Prompt user to create a recovery key on already enabled systems
- The above policy option is described as follows in the FileVault Product Settings table in the MNE Product Guides:
If FileVault is already enabled when the MNE policy is enforced, the client system prompts the user to authenticate using their FileVault password. Once authenticated, the recovery key of the client system can be queried from FileVault and is escrowed to the ePO database.
If users ignore this request, recovery of their system can't be achieved, as no recovery key can be escrowed to ePO; FileVault only releases the current recovery key if authentication is provided.