Q: FileVault 2: Prevent new accounts from unlocking on boot?
Hi,
I followed a different, though supported, method for encrypting my boot disk: clone the contents, format the drive as HFS encrypted, then clone the contents back. This gives you a unique boot password that takes you straight to the login screen, and no users can unlock the drive. Yesterday I created a new user, and today discovered that it had appeared on the boot screen. Selecting then entering the password for that user unlocked the drive and took me straight into that account.
I followed the steps to remove the password from the user using this tutorial, but contrary to expectations, this didn't remove the option to log in as this user at the boot screen. It also didn't change the password for that user at the boot screen. However, it wouldn't automatically log in as that user because the user's password was now blank; so, it only went as far as the login screen. So, it seems the method outlined in the tutorial doesn't work for user accounts created after FileVault 2 has been enabled.
Don't suppose anyone knows a way of creating new users without granting them automatic rights to unlock the drive?
Mac mini (Mid 2011), OS X Mountain Lion, 8GB RAM, 500GB HDD
Posted on Jan 18, 2013 11:46 PM
