With the recent release of macOS High Sierra, Apple® made some especially significant changes to how users with FileVault® are managed. In fact, if an IT organization is managing their macOS systems and users properly, this change has most likely broken their ability to manage the users and systems remotely. The good news is that JumpCloud® has created a solution to the FileVault user management problem by automating Secure Token application for macOS users.
FileVault Issue Disables Remote Managing Ability
You’re probably aware of the dramatic changes Apple has been making to macOS over the last few releases. These changes have moved the platform closer to iOS, which is creating significant challenges for IT organizations looking to manage macOS systems and users. Specifically, Apple has been changing the process for how users are managed, where they are managed from, how policies to manage the system are deployed, and most importantly, who can enable FileVault and how.
This last change, in particular, has created a torrent of issues for IT admins who have been managing their macOS systems through IT management tools such as identity providers. The reality is that these changes have forced IT admins to manually interact with each host to ensure that each user’s Secure Token attribute is valid. Without a valid Secure Token attribute, a user is unable to interact with FileVault. Furthermore, users are only granted a Secure Token if they are the first user created on the system, or if the user was created by the first user. This ensures—from Apple’s perspective—that a ‘chain-of-trust’ has been maintained and the newly created user is indeed valid and should have rights to access the disk drive.
The underlying challenge with this approach is that IT management tools, such as Microsoft® Active Directory®, are not able to create a new user remotely with a valid Secure Token attribute. As a result, IT admins need to manually grant that newly created user a valid token. Clearly, this isn’t a process that will scale, nor will it work efficiently for IT admins.
Solution? Automated Secure (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by George Lattimore. Read the original post at: https://jumpcloud.com/blog/automated-secure-token-application/