This repository has been archived by the owner on Nov 20, 2024. It is now read-only.
Getting Started
Tyler Morgan edited this page Nov 5, 2020 · 6 revisions
To get started you need a few things:
- Filevault Recovery Key redirection profile installed
- Target system must be running 10.13 or newer
- TextEdit or another code editing application
Filevault Reissue allows you to configure specific settings to better brand it for your implementation. The very basics would be:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>viewTitle</key>
            <string>Acme Corporation</string>
            <key>viewInstructions</key>
            <string>The Filevault Recovery Key that is stored in the management solution is not valid and may lead to data loss. The recovery key is used to unlock your device in the event of a lost or forgotten password.</string>
            <key>viewLogoPath</key>
            <string>/Library/Application Support/Acme/logos/example.png</string>
            <key>suppressRecoveryKey</key>
            <false />
            <key>usernamePlaceholder</key>
            <string>Username</string>
            <key>passwordPlaceholder</key>
            <string>Passw0rd</string>
            <key>moreInformationText</key>
            <string>Please visit the company's internal website for more information around this utility.</string>
            <key>PayloadDescription</key>
            <string>Filevault Reissue Utility Settings</string>
            <key>PayloadDisplayName</key>
            <string>Filevault Reissue Utility</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>7AC50522-D045-4E9D-80F4-5D63D1E35C6A</string>
            <key>PayloadOrganization</key>
            <string>Acme Corporation</string>
            <key>PayloadType</key>
            <string>com.github.cybertunnel.Filevault-Reissue</string>
            <key>PayloadUUID</key>
            <string>E244FEC1-99D4-4FF9-9ED7-FF9EE234C3D6</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Filevault Reissue Utility Settings</string>
    <key>PayloadDisplayName</key>
    <string>Filevault Reissue Utility</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>7AC50522-D045-4E9D-80F4-5D63D1E35C6A</string>
    <key>PayloadOrganization</key>
    <string>Acme Corporation</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>6B827FB4-3B53-404E-A140-B1D130E64C0C</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
file path: /Library/Preferences/com.github.cybertunnel.Filevault-Reissue.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>viewTitle</key>
    <string>Acme Corporation</string>
    <key>viewInstructions</key>
    <string>The Filevault Recovery Key that is stored in the management solution is not valid and may lead to data loss. The recovery key is used to unlock your device in the event of a lost or forgotten password.</string>
    <key>viewLogoPath</key>
    <string>/Library/Application Support/Acme/logos/example.png</string>
    <key>suppressRecoveryKey</key>
    <false />
    <key>usernamePlaceholder</key>
    <string>Username</string>
    <key>passwordPlaceholder</key>
    <string>Passw0rd</string>
    <key>moreInformationText</key>
    <string>Please visit the company's internal website for more information around this utility.</string>
</dict>
</plist>
```
For a more detailed description of this feature, check out Advanced.
This tool can reissue a key silently and then prompt the user for their credentials if that fails. Below is an example of attempting to reissue a recovery key using the username `macadmin` and the passwords `P@$$\/\/0rc|` and `P@sSW0rD`:
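```sh
# Inside double quotes, \$ and \\ are escapes; | needs none (a \| would keep its backslash).
sudo "/Library/Application Support/Acme/Filevault Reissue.app/Contents/MacOS/Filevault Reissue" --admin-usernames="macadmin" --admin-passwords="P@\$\$\\/\\/0rc|","P@sSW0rD"
```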
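A password that is escaped incorrectly makes the silent reissue fail and fall through to the user prompt, so it is worth checking what the shell actually hands to `--admin-passwords`. The script below is an added example, not part of the original page or the project's code. The helper names are hypothetical, and it assumes the utility splits the password list on commas, as the command above suggests.

```shell
#!/bin/sh
# Added example: check how the shell quotes admin passwords before they
# reach --admin-passwords. Helper names are hypothetical.

# sq_quote VALUE
# Print VALUE as a single-quoted shell word. Nothing is special inside single
# quotes, so only an embedded ' needs handling: close, add \', reopen.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# received WORD
# Evaluate a quoted WORD the way the shell does when the command line runs
# and print the literal value the program receives. Uses eval, so only pass
# text you wrote yourself.
received() {
    eval "printf '%s' $1"
}

# passwords_arg PW...
# Build the --admin-passwords=... word in the comma-separated form shown on
# this page, each password single-quoted. Assumption: the utility splits the
# list on commas, so a password containing a comma is rejected here.
passwords_arg() {
    out=""
    for pw in "$@"; do
        case $pw in
            *,*) echo "password contains a comma; list would be ambiguous" >&2
                 return 1 ;;
        esac
        out="${out:+$out,}$(sq_quote "$pw")"
    done
    printf '%s%s' '--admin-passwords=' "$out"
}

# Demo with the page's sample passwords (constructed input, not real secrets).
# In double quotes a backslash is only an escape before $ ` " \ and newline,
# so "\|" keeps its backslash and the password no longer matches.
printf '%s\n' "double-quoted with \\|: $(received '"P@\$\$\\/\\/0rc\|"')"
printf '%s\n' "single-quoted:          $(received "$(sq_quote 'P@$$\/\/0rc|')")"
passwords_arg 'P@$$\/\/0rc|' 'P@sSW0rD'; echo
```
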