Administrator Guide
NOTE:
In this example, trailing asterisks stand in for the latter part of the authentication authority records. To avoid
under-specifying, you should typically include the complete record instead of a trailing asterisk, because the asterisk
matches any information after the colon in the OpenDirectory record.
● The NFSHomeDirectory key requires that any user passing the first key must also have a home directory in /Users/.
NOTE:
You must create the home folder if one does not exist for a user.
3. Reboot the computers.
4. Notify users to enable FileVault booting for their user account. The user must have a local or mobile account. Network
accounts are automatically converted to mobile accounts.
For a user to enable their FileVault account:
1. Launch System Preferences, and click Dell Encryption Enterprise.
2. Click the System Volumes tab.
3. Control-click the System Volume drive, and select Add FileVault users to FileVault Booting.
4. In Search, enter a user's name or scroll down. User accounts display only if they meet the criteria set by policy.
For local and mobile users, an Enable User button displays.
For network users, a Convert & enable user button displays.
NOTE:
A green indicator displays next to user accounts that can boot FileVault.
5. Click Enable User or Convert & enable user.
6. Enter the password for the selected account and click OK. A progress indicator displays.
7. After a success dialog, click Done.
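The policy note above and the step 4 statement that accounts display only if they meet the policy criteria can be checked with a small model, given here as an added example that is not from the guide or from Dell's code. It assumes the policy can be represented as attribute-to-pattern lists matched with shell-style wildcards; the account records, the names BROAD and EXACT, and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

AD = ";LocalCachedUser;/Active Directory/EXAMPLE/example.com:"

# Constructed OpenDirectory records (sample values, not taken from the guide).
USERS = {
    "alice": {"AuthenticationAuthority": [AD + "alice:11111111-AAAA"],
              "NFSHomeDirectory": ["/Users/alice"]},
    "bob":   {"AuthenticationAuthority": [AD + "bob:22222222-BBBB"],
              "NFSHomeDirectory": ["/Users/bob"]},
    # Directory account whose home is outside /Users/.
    "svc":   {"AuthenticationAuthority": [AD + "svc:33333333-CCCC"],
              "NFSHomeDirectory": ["/var/svc"]},
    # Local account: different authentication authority type.
    "carol": {"AuthenticationAuthority": [";ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>"],
              "NFSHomeDirectory": ["/Users/carol"]},
}

# Assumed policy model: every key must be satisfied by at least one pattern.
BROAD = {"AuthenticationAuthority": [AD + "*"],       # trailing asterisk
         "NFSHomeDirectory": ["/Users/*"]}
EXACT = {"AuthenticationAuthority": [AD + "alice:11111111-AAAA"],  # complete record
         "NFSHomeDirectory": ["/Users/*"]}


def eligible(record, policy):
    """True when each policy key matches at least one value of that attribute."""
    return all(
        any(fnmatchcase(value, pattern)
            for value in record.get(key, [])
            for pattern in patterns)
        for key, patterns in policy.items()
    )


def audit(policy, users=USERS):
    """Sorted names of the accounts the policy would allow to be enabled."""
    return sorted(name for name, rec in users.items() if eligible(rec, policy))


def over_admitted(broad, exact, users=USERS):
    """Accounts let in only because the broad policy uses a wildcard."""
    return sorted(set(audit(broad, users)) - set(audit(exact, users)))


if __name__ == "__main__":
    print("trailing asterisk:", audit(BROAD))
    print("complete record:  ", audit(EXACT))
    print("extra accounts:   ", over_admitted(BROAD, EXACT))
```

On a Mac, the actual attribute values to compare against a policy can be read with `dscl . -read /Users/<name> AuthenticationAuthority NFSHomeDirectory`.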
Assume Management of an Existing FileVault-Encrypted Volume
If the computer already has a FileVault-encrypted volume and FileVault encryption is enabled in the Management Console, Dell
Encryption can assume management of the volume.
If Dell Encryption detects that the boot volume is already encrypted, the Dell Encryption Enterprise dialog displays. To allow Dell
Encryption to assume management of the volume, follow these steps.
1. Select either Personal Recovery Key or Bootable Account Credentials.
NOTE:
For macOS High Sierra and Apple File System (APFS), you must select Bootable Account Credentials.
● Personal Recovery Key - if you have the personal recovery key you received when the drive was FileVault-encrypted.
a. Enter the key.
If a user does not have the existing key, they can request it from the administrator.
b. Click OK.
NOTE:
After the assumption process is complete, a new personal recovery key is generated and escrowed. The previous
recovery key is invalidated and removed.
● Bootable Account Credentials - if you have the username and password of an account that is currently
authorized to boot from the volume.
a. Enter the user name and password.
b. Click OK.
2. When a dialog displays indicating that Dell now manages encryption of the volume, click OK.
If Dell Encryption detects that a non-boot volume is already encrypted, a passphrase prompt displays.
Tasks for the Encryption Client