PROBLEM:
I can manually run various commands in the Mac OS X terminal to configure the system for FileVault hard drive encryption. However, the issue is that I cannot script it out as a Run Script.
Example 1 - Enable FileVault with admin_user
echo "password" | sudo -S fdesetup enable -useradd admin_user -outputplist > /Users/admin_user/Desktop/FDESETUP_ENABLE.PLIST
Example 2 - Refresh / Change FileVault Recovery Key
echo "password" | sudo -S fdesetup changerecovery -personal > /Users/admin_user/Desktop/CHANGE_RECOVERY.PLIST
In both cases, I run into a brick wall of a problem on the local machine (before I've attempted pushing from the SMP). The problem is that the system requests the password of the user I specify to add to the system for the Example 1 command:
Enter the password for user 'admin_user':
The Example 2 command asks a similar question, needing the password, as noted below:
Enter a password for "/", or the recovery key:
The added kicker is to make this work as a RUN SCRIPT from the SMP side pushed to this machine. My intent is to enable encryption for those systems without it enabled already. The second part is to create a custom inventory to put the recovery key into, which could then be used to verify if the key is current/functional. Thus, refreshing the key, if it had changed.
FYI. Sending the output to a Plist file was just to confirm I am getting some sort of output from the commands to verify it actually worked.
Also, the link below is similar via another tool, but I want to do this via the SMP.
https://jamfnation.jamfsoftware.com/discussion.html?id=13018
If we can get around the FDESETUP password issue and get it to somehow run from an SMP script, then it should be easier to go from there.
Thoughts anyone?
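
One way around the prompts described in the post, as an added example that is not part of the original post: fdesetup accepts the credentials as a property list on stdin via -inputplist, so the script needs no terminal and no `echo "password" | sudo -S`. FV_ACTION, FV_USER and FV_PASS are hypothetical variables, assumed to be set by the job that runs the script as root.

```shell
#!/bin/sh
# Added example, not from the original post. Credentials reach fdesetup as a
# plist on stdin (-inputplist); nothing is typed at a prompt or written to disk.

# Escape XML special characters so any password survives inside <string>.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Emit the input plist on stdout: $1 = user name, $2 = that user's password.
build_fv_plist() {
    user=$(xml_escape "$1")
    pass=$(xml_escape "$2")
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>${user}</string>
    <key>Password</key>
    <string>${pass}</string>
</dict>
</plist>
EOF
}

# Enable FileVault for the user; the result plist, which contains the
# recovery key, is written to stdout. Must run as root.
fv_enable() {
    build_fv_plist "$1" "$2" | fdesetup enable -inputplist -outputplist
}

# Issue a new personal recovery key, authenticating as an enabled user.
fv_rotate_key() {
    build_fv_plist "$1" "$2" | fdesetup changerecovery -personal -inputplist
}

# Entry point: does nothing unless FV_ACTION (hypothetical) is set.
case "${FV_ACTION:-}" in
    enable) fv_enable "$FV_USER" "$FV_PASS" ;;
    rotate) fv_rotate_key "$FV_USER" "$FV_PASS" ;;
esac
```

The output of both commands contains the recovery key, so capture it straight into the inventory record rather than a file on the user's Desktop.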