Skip navigation

Change Filevault 2 Login Screen Options - Encrypted Disk

15643 Views 25 Replies Latest reply: Apr 4, 2014 12:57 AM by Tobit RSS
1 2 Previous Next
jayceek Calculating status...
Currently Being Moderated
Jul 22, 2011 4:17 PM

Hi

 

I have encrypted my hard disk using the Full Disk Encryption option of FileVault 2.

 

While I think it works great, the one thing I don't like is the fact that the login screen displays the user names rather than two fields, one for user name and the other for password.

 

Does anyone know how to change this setting?

 

Thank you.

 

-John

Mac OS X (10.4.7)
  • andrew2011 Calculating status...

    Hi,

     

    I don't think this is related to FileVault per se.

     

    Go to System Preferences > Users & Groups > Login Options and select the radio button for 'Display login window as: Name and password'.

     

    Hope this helps.

     

    Andrew

  • ivwang Calculating status...

    @Andrew, how do you get it work? have you tried the said System Preferences option?

     

    I tried that but the preboot FileVault2 login screen still stays at "list of users".. 

    My memory could fail, though.

     

    Thanks

    Ivan.

  • ggenet Calculating status...

    I do have the same problem , I have activated filevault (after migrating to Lion)

     

    and now I do have a list of users on my login screen (and yes my configuration is set to have name and password requested fr login NOT a list of user)

     

    Seems to be a bug to me ...

     

    Any help ?

  • andrew2011 Level 1 Level 1 (0 points)

    Hi,

     

    Sorry ivwang - I hadn't tried it when I posted; only knew how it should work...

     

    I just tried it in Lion too and it's not working as it used to in SL - looks like a bug and I've seen some other threads on this saything the same thing.  Hopefully it'll get fixed soon.

     

    Andrew

  • drbroom Calculating status...

    I am having the same trouble...

     

    I did try and delete the login plist but that has no effect. I have reported the bug to apple and I suggest you all do the same. The more people that are effected that quicker it will get attention.

  • Peter Link Level 1 Level 1 (5 points)

    This isn't a bug. This is the way FileVault-2's EFI boot authentication UI is built. When your Mac first starts up, EFI-boot takes over to decide what to do. It either continues to bring up the system to the typical OSX login screen, which is managed by OSX's system preferences, or it starts a special EFI pre-boot where it displays the FV2 unlock screen with the icons of designated OSX accounts approved to unlock the disk. Once you log on, the EFI unlock sequence carries forth your credentials, performing a single signon. This is fine for some people but not for others, including me. I added a PolicyBanner that still comes up during the signon process but it come up too late. I have submitted a UI request (not as a bug) to be able to either edit the EFI boot screen (look at /usr/standalone/i386/EfiLoginUI directory, none are editable using normal applications) or ask that a feature is included, probably in the FV system preference pane, to add a custom banner. I didn't include the request to allow just the name and password fields but that's something I'd also like to see. One problem with this account display method has to do with people trying accounts that aren't authorized to unlock the specific computer. I haven't tried using an incorrect password more than 3 times yet to see what happens. I also haven't tried a FV2-encrypted Mac bound to Active Directory (or Open Directory for that matter) to see how it functions with network accounts. FV2 is nice in that it is full disk encryption (FDE) at the block level but that also brings about a whole lot of changes to users used to using the file-level encryption of FileVault-1.

  • ggenet Level 1 Level 1 (0 points)

    I do understand now why when I do exit from my session I do have the login screen with name/password (as setup in the preferences). It was a bit confusing to meto have this name/password login screen (when exiting from my session) and not at boot time.

     

    Hope we will have at some point the possibility to configure the EFI login window to have name/password to login

     

    Please let us know

     

    Thanks

  • drbroom Level 1 Level 1 (5 points)

    Peter:

     

    Thanks for the great explanation! I was getting so frustrated with this that I was just about to start digging around at the boot level to see what I could find. Again, thanks for saving me the time and effort!

     

    Now that I understand the issue I will resubmit my report as a feature request as well. I figure the more voices the more likely we will get this fixed.

     

    Anyway, as a security professional myself I don't particularly like "security threw obscurity" but as a level of it, I do feel it can help. Just like policy banners and good multi character type passwords, we add encryption so if our computers are stolen (especially laptops)  we know (well believe) that the likelihood someone will get to our data is small. After all isn't that what we are trying to protect here?!?!

  • @Wiss Calculating status...

    Hey everyone

     

    Had the exact same issue and the culprit was the 'Enable Users' option under SystemPref/Security&Privacy/Filevault.

     

    You will always get the 'Disk Password Protected' option only if you refrain from enabling users under filevault.

     

    Personally, I prefer to always work in shell when configuring my MBA as Lion's GUI is still buggy as of 10.7.2 >> To encrypt, run

     

    1. diskutil list

     

    2. Identify your disk location under /dev/disk0 - in my case:

     

    /dev/disk0

       #:                       TYPE NAME                    SIZE       IDENTIFIER

       0:      GUID_partition_scheme                           *240.1 GB   disk0

       1:                        EFI                                       209.7 MB   disk0s1

       2:                  Apple_HFS SSD                          239.7 GB   disk0s2

       3:                 Apple_Boot Boot OS X                  134.2 MB   disk0s3

     

    3. then run

     

    sudo diskutil cs convert disk0s2 -passphrase yoursecretpassphrase

     

    4. reboot 

     

    Cheers

    W

     



    MacBook Air, Mac OS X (10.7.2)
  • goggyb_Sydney Calculating status...

    @Wiss - I think your solution is excellent while Apple sort these issues out.  One question though, how do you obtain the recovery key when encrypting via this method?

     

    Macbook Air, MAC OS X (10.7.3)

  • sjva Calculating status...

    This IS a bug.  If the user sets Display Login Window as:  NAME AND PASSWORD and NOT LIST OF USERS, that preference should be used whether file vault is turned on or off.

     

    I need name and password and I chose name and password but the EFI preboot disregarded what I chose and decided to use List of Users instead of what was selected. 

     

    That is why this IS a bug.  Please fix.

     

    It has been written up in bug reporter and quite a few folks have asked for this.

     

    Please please please fix this

  • goggyb_Sydney Level 1 Level 1 (0 points)

    you can set a master recovery key by following this article:

     

    http://support.apple.com/kb/ht5077

  • scooper4711 Calculating status...

    This is most decidedly a bug.

    According to the KB article here: http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US

    it says:

     

    List of users at the Login Window?

    Filevault 2 will show a blank text field for both username and password. For security purposes Filevault 2 will not show a list of users.

     

    I think this needs to be fixed.

  • J.Doe Calculating status...

    interesting discussion, i have the same problem and also thought it must be

    filevault 2's fault, maybe it is...buuut whhyyy....

    in my case i still had the login screen with the name and password field after startup WITH filevault 2,

    it changed to the same behavior (user swithing with name and password field / startup with user-list/ icons and pw-field after startup) since i downgraded the the user-account i did the setup with from a admin to a standard account!

    now i can't change it in the sys.-pref. / users and groups / login options either (just like your discription) - even not as admin, but i don't know if this allready wasn't possible with the admin account i did the the system setup with (the now downgraded)

     

    this makes it even more strange to me

    any ideas?

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (7)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.