Encryption Management for Apple FileVault Manual Deployment

Installing the Encryption Management for Apple FileVault Agent

To install Encryption Management for Apple FileVault, perform the following procedure.

  1. Verify that all of the agent installation prerequisites have been completed.

    See Agent Installation Prerequisites.

  2. Verify that the hard disk is not already encrypted, no other full disk encryption product is installed, and that Apple FileVault is disabled.
    1. Go to System Preferences > Security & Privacy.
    2. Select the FileVault tab.
    3. If necessary, click the lock icon () to make changes.
    4. Specify the user name and password for the endpoint.
    5. Click Turn Off FileVault.
  3. Run a hard drive integrity utility on the system drive.

    For example, run Verify Disk from OS X Disk Utility. To use this feature, do the following:

    1. Restart your Mac in Recovery Mode by holding Command + R during startup.
    2. Click Disk Utility.
    3. Select your startup disk.
    4. Click Verify Disk.
    5. If errors are found on the disk, click Repair Disk.
  4. Check with your system administrator about whether you should defragment your system drive.
  5. Copy the installation files to the system drive.
  6. Run TMFDEInstall_FV.exe.
  7. From the Welcome screen, click Continue.

    The Installer checks that the system requirements are met.

  8. If the system requirements are met, click Install.
  9. Select the hard disk to install that agent.
  10. Specify the user name and password of an account with permission to install applications on the endpoint, and click Install Agent

    The installation begins.

  11. Specify the following PolicyServer information:
    Option Description

    Server name

    Specify the PolicyServer IP address, host name, or FQDN and include the port number assigned to that configuration.


    Specify the Enterprise. Only one Enterprise is supported.

    User name

    Specify the user name of an account with permission to add devices to the Enterprise.


    Specify the password for the user name.


    Make sure that you type the correct password at this time, or you may need to troubleshoot your encryption status later.

  12. After the installation completes, click Close to restart the endpoint.

    The Encryption Management for Apple FileVault agent initiates immediately after the endpoint restarts.

  13. Go to the menu bar () to open the Encryption Management for Apple FileVault agent.

    For information about understanding and managing the Endpoint Encryption agent, see the Endpoint Encryption Administrator's Guide.

Creating a Mobile Account for Active Directory on Mac OS

Mac OS local accounts or mobile accounts are able to initiate encryption on Mac OS X Mountain Lion or later. Other Mac OS user account types will be unable to initiate encryption.

If a Mac OS account other than a local account or mobile account attempts to initiate encryption, the following notification appears:

The following task shows how to create a mobile account for your Mac OS account to bypass this issue.

  1. Go to System Preferences... in the Apple menu.

    The System Preferences window appears.

  2. Select User Groups under the System section.
  3. Click the lock icon in the lower left corner.
  4. Click Create... next to Mobile account.
  5. On the following screens, select any personal settings, and click Create to proceed from one screen to the next.
  6. When prompted, enter your Active Directory password and click OK.

    Your mobile account has been created. You may now use this mobile account to initate encryption.