As you dont want to be in a situation where you change the password before the script has successfully written it to disk. You'd need to confirm share access first before updating the local password though. Plus whichever admin groups are reading it.
Mac bitlocker equivalent how to#
With the local admin password, if you do figure out how to make it dynamic you could also include a cron job, or Apple task, to save the details to a network share thats restricted down so that only that specific computer can access the share. So maybe just do that manually and store it away yourself. I would assume the file vault key wont change dynamically. Havent been able to locate anything specifically relating to writing back to LDAP from MacOS.
At least the Apple KB on the topic only refers to read only access. I personally always enable BitLocker on portable Windows devices, as well as the equivalent full drive encryption technologies on macOS (Apple File Vault) and Linux.
Writing back of the local administrator password (LAPS or whichever MacOS equivalent), or bitlocker (file vault) recovery key, would require write access back to AD over the LDAP connection. BitLocker is the embedded full drive encryption technology built into Windows, offering protection against data loss if the physical hardware becomes compromised. On My MacBook Pro with Catalina, I am able to unlock a BitLocker HDD with UUByte BitLocker Geeker. You have to use third-party apps to complete the job up to now. Mostly because BitLocker is a patent protected technology.
Mac bitlocker equivalent driver#
However they are not really economical for a single machine. Apple still does not provide an official tool to access BitLocker encrypted driver on Mac. Such as Open Directory (on a mac server), JAMF, InTune etc. So it is worthwhile raising it as a concern.ĪD-GPO's do not integrate with non-windows environments. But time and time again I see poor purchasing decisions being made by the suits in a business without any investigation or oversight by the geek squad -). I get that you're already in this situation. The only time that you should have a MAC or any other deviation from your SOE is if the business case to purchase it is strong enough to outweigh the shit fight it will be to intergrate, manage, and upskill your team.
0 kommentar(er)
