kat.s

Q: Filevault password not updating

Hello,

 

I'm an IT professional and have been setting up some MacBooks for our users recently. Company policy is that ALL laptops must be encrypted and the easiest way for us to do that is with Filevault.

 

I've set up three so far in the past few weeks that have come shipped with Yosemite and I'm having a few problems.

 

I do all the config I need, and create a local administrative account for the user. The last step I do is encrypt using Filevault. The user then comes to see me, resets their password (via System Preferences > Users & Groups while logged in as me) Then, if they reboot the MacBook, they are unable to login through Filevault. If I log in first, however, and log out instead of shutting down, they can then log in. It is like the system isn't updating the Filevault password?

 

On one MacBook, decrypting and re-encrypting the drive appeared to resolve the issue, however I've been working on one this afternoon where this has not worked. I've reset the user's password twice - it accepts the older one for Filevault, but then returns to the login screen where the newer password is accepted.

 

I was wondering whether anyone else had this problem, and what they have done to fix it? We didn't have any trouble like this in Mavericks!

 

Note: the affected machines are all MacBook Pros, running 10.10.2

 

Many thanks,

Kat

MacBook Pro with Retina display, OS X Yosemite (10.10.2)

Posted on Feb 25, 2015 7:54 AM

Close

Q: Filevault password not updating

  • All replies
  • Helpful answers

  • by keg55,

    keg55 keg55 Feb 25, 2015 8:20 AM in response to kat.s
    Level 6 (8,417 points)
    Mac OS X
    Feb 25, 2015 8:20 AM in response to kat.s

    I believe on accounts set to Administrator privs, changing works fine when restarting/shutting down. I have 2 accounts. Both are admins and both are enabled to unlock the encrypted disk. Changing one's password and restarting or rebooting, accepted the new password to unlock the disk.I don't know about Standard accounts.

     

    And you're sure you enabled both the system admin and the user account during the encryption phase?

  • by kat.s,

    kat.s kat.s Feb 25, 2015 11:46 PM in response to keg55
    Level 1 (0 points)
    Feb 25, 2015 11:46 PM in response to keg55

    Hi,

     

    Both accounts are administrative. And yes, both were enabled when I switched Filevault back on.

  • by Topher Kessler,

    Topher Kessler Topher Kessler Feb 25, 2015 11:50 PM in response to kat.s
    Level 6 (9,866 points)
    Feb 25, 2015 11:50 PM in response to kat.s

    Try removing their account from the list of those that can unlock the disk (in the FileVault system preferences) and then re-add the account, to see if this properly stores their current password information.

  • by keg55,Helpful

    keg55 keg55 Feb 26, 2015 6:02 AM in response to kat.s
    Level 6 (8,417 points)
    Mac OS X
    Feb 26, 2015 6:02 AM in response to kat.s

    Take a look at this CNN link regarding FileVault and password resets. It may or may not help.

     

    From that link, I get the impression that when using System Preferences/Users & Groups to change a User's password, THAT user needs to be logged in for the changed password to sync with the EFI FileVault password. Just a guess.

     

    So, maybe when a User wants to change their password, try letting the User login instead of the local administrator and let that User open System Preferences/Users & Groups to change their password. Restart and test to see if that fixes the issue you described.

  • by kat.s,

    kat.s kat.s Feb 26, 2015 6:05 AM in response to keg55
    Level 1 (0 points)
    Feb 26, 2015 6:05 AM in response to keg55

    Thank you - I tried this earlier on today and it sorted the problem.

  • by keg55,

    keg55 keg55 Feb 26, 2015 6:07 AM in response to kat.s
    Level 6 (8,417 points)
    Mac OS X
    Feb 26, 2015 6:07 AM in response to kat.s

    Excellent! Glad you have it figured out. I guess it seems logical to be logged in as the User whose password needs to be reset in order for FileVault to sync with the change.

  • by David@work,

    David@work David@work Feb 24, 2016 8:59 AM in response to kat.s
    Level 1 (0 points)
    Mac OS X
    Feb 24, 2016 8:59 AM in response to kat.s

    Given all that we've covered in this thread I see Apple's logic in having the user who's password you want to change be the currently logged in user.

     

    In an enterprise setup where there are mac's in remote area's with local support admin accounts for techs to use, what would be the recommended method then to update the password for the local support account?

     

    Do you script something to remove a support account and re-add it each time you want to update the password?