You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: j_lundqvist
j_lundqvist Author
User level: Level 1
24 points

Deleting accounts does not remove FileVault decryption

Using Mountain Lion I have FileVault whole-disk encryption enabled on my Mac’s system drive. Today I removed a few accounts from my machine as I no longer had need for them.

After deleting the accounts, they have been removed from System Preferences -> Users and Groups preference pane, but when I reboot the EFI decrypt screen still include the deleted accounts. Entering their passwords decrypts Filevault and system startup commences.

This is, of course, not what I wanted. I would like all traces of the accounts I removed to be deleted – and I particularly do not want them to be able to decrypt FileVault, essentially rendering it useless. This is so contrary to user intention it must be considered a bug?

A workaround, had I not already removed the accounts, I guess I could have changed their password to something really complicated, but I can’t even do that.

Any ideas? Pretty please?

MacBook Pro (15-inch 2.4/2.2 GHz), OS X Mountain Lion

Posted on Aug 20, 2012 11:47 AM

Reply
10 replies
User profile for user: j_lundqvist
j_lundqvist Author
User level: Level 1
24 points

Aug 20, 2012 12:10 PM in response to mende1

Thanks, but that didn't help me much as the user accounts have already been deleted in the OS. The only place they remain is on the EFI startup screen. I can't follow your suggestions as the users and their home directory, has already been deleted.


(Also, even if i could "hide" them, that would be less ideal as I want the passwords to be rejected, on key-level, by FileVault.)

Reply
User profile for user: j_lundqvist
j_lundqvist Author
User level: Level 1
24 points

Aug 22, 2012 2:18 AM in response to cailian13

Thanks for replying, Cailian! I dug around in that preference pane too as I found some screenshots in some forums where there was a button for authorized users in there. (Not sure if the screenshots I found was from Mountain Lion, though?)


However, in my Systems Preferences -> Security & Privacy -> FileVault, that button is missing. I've attached a screenshot so you can see what I see.

User uploaded file

Thanks again!

Reply
User profile for user: cailian13
cailian13
User level: Level 1
125 points

Aug 22, 2012 11:08 AM in response to cailian13

Ok, mine just finished encrypting. And it seems the only way to remove users from the decrypt list is to turn off Filevault, allow it to decrypt, and then re-activate Filevault so that only the correct user accounts can access the system. I have exactly the same screen as you and after a bit of Googling, this seems to be the only way without doing some very user-unfriendly modifications to the system. Not the greatest answer, but I hope it helps!

Reply
User profile for user: j_lundqvist
j_lundqvist Author
User level: Level 1
24 points

Aug 22, 2012 4:01 PM in response to cailian13

Wow, thanks for the effort! Really! Like you said, not exactly a solution per se, but it keeps me from thinking that I did something wrong.


It's an amazing oversight from Apple, isn't it? Clearly, the user should expect an account to be deleted once it's, ehh, deleted? Having to cycle the encryption seems like a terrible solution.


I'm not afraid of non-userfriendly hacks and if you dug something up on how to solve it, please share? I came up empty on my (quite extensive) search.


Again, thanks for all your effort. Best,


/ J., Sweden.

Reply
User profile for user: z3r
z3r
User level: Level 1
0 points

Aug 19, 2014 8:49 AM in response to j_lundqvist

I realize this thread is old but perhaps this will help passing googlers who have this problem, as I just did on Mavericks (10.9.3). The following worked for me:


  • Re-create the deleted account in the "Users & Groups" system preferences pane. Use the same long username, short username, password and access level as it had before.
  • Go to the Terminal and type `sudo fdesetup remove -user scoobydoo` where scoobydoo is the short username in question
  • Remove the account again.
Reply

Deleting accounts does not remove FileVault decryption

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up