FileVault 2 - Institutional Keys - User Password Reset
Hi,
We are testing the use of institutional keys with FileVault 2.
All the users have their laptops configured with a local account, so we are not using AD, Open Directory, etc.
The process we use is this - OS X: How to create and deploy a recovery key for FileVault 2 - http://support.apple.com/kb/HT5077
We are able to encrypt and recover the drive if need be, but we are not able to reset a password. We don't want to have to go to the effort of a full restore every time a user forgets their password.
The options shown in OS X Lion: If you forget the password and FileVault is on - http://support.apple.com/kb/PH4057 are not available to us. For example, we don't see
If you still need to reset your password, click the bottom line “reset it using your Recovery Key,” and then enter your recovery key.
Mentioned in step 5 of PH4057
If I unlock the drive as outlined in HT5077, I am able to use the resetpassword tool, but this still leaves the preboot password unchanged. If I use the previous password for the preboot password, then I'm greeted with the user accounts listed and then I'm able to use the password I just reset.
I tried doing a fdesetup authrestart from the recovery partition and within the terminal to bypass the preboot, but when I do that I get a message saying "Error: FileVault must be enabled to use this command." My idea was that after resetting the password with the preboot issue, I could then boot into the user's regular account and then reset the password from the System Preferences.
If I run fdesetup status I get an Error 14071, saying "Filevault is off".
In short, how do I get the changed account password and the preboot password to sync? They sync fine if I use the tool from within System Preferences. The thing is, we are trying to plan for what happens if a user forgets their password; I need the same functionality available from the System Preferences in recovery mode.
Thanks,
MacBook Pro with Retina display, OS X Mountain Lion (10.8.4)