System information
67
Parallels Mac Management Features
• Personal. A personal recovery key is generated automatically for each individual Mac during the encryption procedure and is saved in the database on the primary SCCM site (p. 153). If a Mac user forgets the password for unlocking the disk, the personal recovery key for that disk can be retrieved from the database and used to unlock it. Because each key unlocks only the Mac it was generated on, losing one key exposes one disk; the database that stores all of them, however, should be protected as if it held every enrolled Mac's data.
Based on the type of recovery key that you would like to use, read one of the following topics to learn how to create a FileVault 2 configuration item:
• FileVault 2 Encryption with Institutional Recovery Key (p. 67)
• FileVault 2 Encryption with Personal Recovery Key (p. 73)
FileVault 2 Encryption with Institutional Recovery Key
This section describes how to create a FileVault 2 configuration item using an institutional recovery
key.
Creating FileVaultMaster Keychain
To use an institutional recovery key on multiple Macs, you need to create a FileVaultMaster keychain file. The keychain holds the institutional recovery key pair: the private key, which is what actually unlocks a disk encrypted with FileVault 2, and the matching X.509 public certificate, which is the only part that is distributed to the managed Macs.
To create a FileVaultMaster keychain, run the following command in the Terminal (the command is
available in Mac OS X 10.7.2 or later):
$ security create-filevaultmaster-keychain /path/to/FileVaultMaster.keychain
You can omit the target path and filename if you want to create the FileVaultMaster.keychain file in the default /Users/user-name/Library/Keychains directory.
When prompted, choose and enter a password for the new keychain. This becomes your master password: together with the keychain file it can unlock every disk encrypted against this institutional key, so store the two separately and never deploy the keychain itself to client Macs. After the keychain is created, make one or more backup copies of the FileVaultMaster.keychain file and store them in a safe location, such as an external drive or an encrypted volume.
You now need to export the X.509 public certificate from the FileVaultMaster keychain to a DER encoded certificate file. The certificate contains no private key material, which is why it is the only artifact that can safely be handed to the configuration item.
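The same two steps can be driven entirely from the Terminal, which is easier to script and to audit than clicking through Keychain Access. The following is an added example, not code from the Parallels guide; the keychain and certificate paths are assumptions, and it assumes the keychain holds only the single "FileVault Recovery Key" certificate that `security create-filevaultmaster-keychain` puts there. The sanity checks at the end catch the two mistakes that matter most: exporting in PEM instead of DER, and accidentally exporting an identity (certificate plus private key) instead of just the certificate.

```shell
#!/bin/sh
# Added example (not from the Parallels guide): create the FileVaultMaster
# keychain and export its public certificate as DER from the command line,
# then verify the exported file before handing it to the configuration item.
# KEYCHAIN and CERT_OUT are assumed paths; adjust them for your environment.
set -eu

KEYCHAIN="${KEYCHAIN:-$HOME/FileVaultMaster.keychain}"
CERT_OUT="${CERT_OUT:-$HOME/FileVaultMaster.cer}"

# Path `security` uses when the keychain argument is omitted (macOS 10.7.2+).
default_keychain_path() {
  printf '/Users/%s/Library/Keychains/FileVaultMaster.keychain\n' "$1"
}

# Step 1: create the keychain. `security` prompts for the master password on
# the TTY, so it never appears in shell history or in process listings.
create_master_keychain() {
  security create-filevaultmaster-keychain "$1"
}

# Step 2: export only certificates (-t certs) in DER form (-f x509).
# Do NOT use -t identities or -f pkcs12 here: that would bundle the private key.
export_recovery_certificate() {
  security export -k "$1" -t certs -f x509 -o "$2"
}

# Step 3: a DER X.509 certificate begins with an ASN.1 SEQUENCE tag (0x30);
# a PEM file begins with "-----BEGIN". Returns 0 for DER, 1 otherwise.
is_der_certificate() {
  first=$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')
  [ "$first" = "30" ]
}

# Step 4: refuse anything carrying PEM-encoded key material.
# Returns 0 when the file contains no private-key markers.
contains_no_private_key() {
  ! grep -a -q -e 'PRIVATE KEY' -e 'BEGIN RSA' "$1"
}

if command -v security >/dev/null 2>&1; then
  create_master_keychain "$KEYCHAIN"
  export_recovery_certificate "$KEYCHAIN" "$CERT_OUT"
  is_der_certificate "$CERT_OUT" || { echo "not DER: $CERT_OUT" >&2; exit 1; }
  contains_no_private_key "$CERT_OUT" || { echo "key material in $CERT_OUT" >&2; exit 1; }
  echo "Exported $CERT_OUT; back up $KEYCHAIN (it holds the private key) offline."
else
  echo "security(1) not found: the create/export steps run on macOS only." >&2
fi
```

Run it once on the administrator's Mac, then keep the resulting .cer with the configuration item and move the .keychain file and its password to offline storage. The checks are deliberately content-based rather than extension-based, since `security export` will happily write PEM or PKCS#12 to a file named .cer if the flags are wrong.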
To export the certificate:
1 Run the Keychain Access application (Applications/Utilities).
2 In the Keychain Access window, select "FileVaultMaster" keychain in the Keychains panel.
3 In the right pane, right-click the "FileVault Recovery Key" certificate and then click Export in the
pop-up menu.