Deploying The Logon Application For Mac
1. Open the Terminal app on your Mac, then enter this command:

    security create-filevaultmaster-keychain ~/Desktop/FileVaultMaster.keychain

2. When prompted, enter the master password for the new keychain, then enter it again when prompted to retype. Terminal doesn't show the password as you type.
3. A key pair is generated, and a file named FileVaultMaster.keychain is saved to your desktop. Copy this file to a secure location, such as an encrypted disk image on an external drive.
This secure copy is the private recovery key that can unlock the startup disk of any Mac set up to use the FileVault master keychain. It is not for distribution.

In the next section, you will update the FileVaultMaster.keychain file that is still on your desktop. You can then deploy that keychain to Mac computers in your institution.

Afterward, follow these steps to prepare a copy of it for deployment:

1. Double-click the FileVaultMaster.keychain file on your desktop. The Keychain Access app opens.
2. In the Keychain Access sidebar, select FileVaultMaster. If you see more than two items listed on the right, select another keychain in the sidebar, then select FileVaultMaster again to refresh the list.
3. If the FileVaultMaster keychain is locked, click the lock button in the upper-left corner of Keychain Access, then enter the master password you created.
4. From the two items shown on the right, select the one identified as "private key" in the Kind column.
5. Delete the private key: choose Edit > Delete from the menu bar, enter the keychain master password, then click Delete when asked to confirm.
6. Quit Keychain Access.

Now that the master keychain on your desktop no longer contains the private key, it's ready for deployment.

Afterward, follow these steps on each Mac that you want to be able to unlock with your private key.
1. Put a copy of the updated FileVaultMaster.keychain file in the /Library/Keychains/ folder.
2. Open the Terminal app and enter both of the following commands. These commands make sure that the file's permissions are set to -rw-r--r-- and the file is owned by root and assigned to the group named wheel.

    sudo chown root:wheel /Library/Keychains/FileVaultMaster.keychain
    sudo chmod 644 /Library/Keychains/FileVaultMaster.keychain

3. If FileVault is already turned on, enter this command in Terminal:

    sudo fdesetup changerecovery -institutional -keychain /Library/Keychains/FileVaultMaster.keychain

4. If FileVault is turned off, open Security & Privacy preferences and turn on FileVault. You should see a message that a recovery key has been set by your company, school, or institution.
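Once the deployment steps are complete, the result can be checked on each Mac. The script below is an added example, not part of the original procedure: it confirms the mode and ownership that the chown and chmod commands are meant to produce, then asks fdesetup whether an institutional recovery key is set. The function names are hypothetical, and the handling of the fdesetup output is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example (not Apple's code): audit a deployed FileVaultMaster.keychain.
KEYCHAIN=/Library/Keychains/FileVaultMaster.keychain   # path from the steps above

# Print "<mode> <uid> <gid>" for a file. `ls -lnd` has the same field layout
# on macOS and Linux; substr() drops any trailing ACL/xattr marker (+, @, .).
file_facts() {
    ls -lnd "$1" 2>/dev/null | awk 'NR == 1 { print substr($1, 1, 10), $3, $4 }'
}

# Return 0 only if the file exists, is -rw-r--r--, and is owned by the
# expected uid:gid (root:wheel is 0:0 on macOS). A symlink in place of the
# file shows up as a mode mismatch. Prints one finding per line.
audit_keychain() {
    file=${1:-$KEYCHAIN} want_uid=${2:-0} want_gid=${3:-0}
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    set -- $(file_facts "$file")
    rc=0
    [ "$1" = "-rw-r--r--" ] || { echo "mode is $1, expected -rw-r--r--"; rc=1; }
    { [ "$2" = "$want_uid" ] && [ "$3" = "$want_gid" ]; } ||
        { echo "owner is $2:$3, expected $want_uid:$want_gid"; rc=1; }
    return $rc
}

# Return 0 if FileVault reports an institutional recovery key. Run as root.
# Assumption: the command prints "false" (or nothing) when no key is set.
has_institutional_key() {
    out=$(fdesetup hasinstitutionalrecoverykey 2>/dev/null) || return 1
    [ -n "$out" ] && [ "$out" != "false" ]
}

# Only meaningful on a Mac; elsewhere the script just defines the functions.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_keychain && echo "keychain file: OK"
    has_institutional_key && echo "institutional recovery key: set" ||
        echo "institutional recovery key: NOT set (or not run as root)"
fi
```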
Click Continue. This completes the process.

If a user forgets their macOS user account password and can't log in to their Mac, you can use the private key to unlock their startup disk and access its FileVault-encrypted data.

On the client Mac, start up from macOS Recovery by holding Command-R during startup.
1. If you don't know the name (such as Macintosh HD) and format of the startup disk, open Disk Utility from the macOS Utilities window, then check the information Disk Utility shows for that volume on the right. If you see "CoreStorage Logical Volume Group" instead of "APFS Volume" or "Mac OS Extended," the format is Mac OS Extended. You will need this information in a later step. Quit Disk Utility when done.
2. Connect the external drive that contains the private recovery key.
3. From the menu bar in macOS Recovery, choose Utilities > Terminal.
4. If you stored the private recovery key in an encrypted disk image, use the following command in Terminal to mount that image. Replace /path with the path to the disk image, including the .dmg filename extension:

    hdiutil attach /path

   Example for a disk image named PrivateKey.dmg on a volume named ThumbDrive:

    hdiutil attach /Volumes/ThumbDrive/PrivateKey.dmg

5. Use the following command to unlock the FileVault master keychain. Replace /path with the path to FileVaultMaster.keychain on the external drive. In this step and all remaining steps, if the keychain is stored in an encrypted disk image, remember to include the name of that image in the path.

    security unlock-keychain /path

   Example for a volume named ThumbDrive:

    security unlock-keychain /Volumes/ThumbDrive/FileVaultMaster.keychain

6. Enter the master password to unlock the startup disk. If the password is accepted, the command prompt returns.

Continue as described below, based on how the user's startup disk is formatted.
If the startup disk is formatted as APFS, complete these additional steps:

1. Enter the following command to unlock the encrypted startup disk. Replace 'name' with the name of the startup volume, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:

    diskutil ap unlockVolume 'name' -recoveryKeychain /path

   Example for a startup volume named Macintosh HD and a recovery-key volume named ThumbDrive:

    diskutil ap unlockVolume 'Macintosh HD' -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain

2. Enter the master password to unlock the keychain and mount the startup disk.
3. Use command-line tools such as ditto to back up the data on the disk, or quit Terminal and use Disk Utility.
If the startup disk is formatted as Mac OS Extended, complete these additional steps:

1. Enter this command to get a list of drives and CoreStorage volumes:

    diskutil cs list

2. Select the UUID that appears after "Logical Volume," then copy it for use in a later step. Example:

    +- Logical Volume 2F227AED-1398-42F8-804D-882199ABA66B

3. Use the following command to unlock the encrypted startup disk. Replace UUID with the UUID you copied in the previous step, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:

    diskutil cs unlockVolume UUID -recoveryKeychain /path

   Example for a recovery-key volume named ThumbDrive:

    diskutil cs unlockVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain

4. Enter the master password to unlock the keychain and mount the startup disk.
5. Use command-line tools such as ditto to back up the data on the disk. Or quit Terminal and use Disk Utility.
Or use the following command to decrypt the unlocked disk and start up from it:

    diskutil cs decryptVolume UUID -recoveryKeychain /path

Example for a recovery-key volume named ThumbDrive:

    diskutil cs decryptVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
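The Mac OS Extended steps above depend on copying the right UUID from the diskutil cs list output, which also prints UUIDs for the Logical Volume Group and Logical Volume Family. The script below is an added example, not part of the original procedure: it picks out only the Logical Volume UUID and prints the matching unlock command without running it. The function names and the abbreviated sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the Logical Volume UUID out of `diskutil cs list` text.

# Constructed, abbreviated sample shaped like `diskutil cs list` output.
# Only the last UUID comes from this page; the others are made up.
sample_cs_list() {
    cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-2222-3333-4444-555555555555
    +-< Physical Volume 66666666-7777-8888-9999-AAAAAAAAAAAA
    +-> Logical Volume Family BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF
        +-> Logical Volume 2F227AED-1398-42F8-804D-882199ABA66B
EOF
}

# Print every UUID that directly follows "Logical Volume ". The Group and
# Family lines do not match, because a word sits between the label and UUID.
lv_uuids() {
    sed -n 's/^.*Logical Volume \([0-9A-Fa-f]\{8\}\(-[0-9A-Fa-f]\{4\}\)\{3\}-[0-9A-Fa-f]\{12\}\)[[:space:]]*$/\1/p'
}

# Read `diskutil cs list` output on stdin and print the unlock command for
# the keychain path in $1. Fails unless exactly one Logical Volume is found,
# so an ambiguous listing is never turned into a command.
cs_unlock_command() {
    uuids=$(lv_uuids)
    count=$(printf '%s\n' "$uuids" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 Logical Volume, found $count" >&2; return 1; }
    printf "diskutil cs unlockVolume %s -recoveryKeychain '%s'\n" "$uuids" "$1"
}

# Demo on the constructed sample; on a real Mac, pipe `diskutil cs list` in.
sample_cs_list | cs_unlock_command /Volumes/ThumbDrive/FileVaultMaster.keychain
```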