
Add additional FileVault 2 options as part of disk encryption settings

Open willmayhone88 opened this issue 9 months ago • 2 comments

Problem

TODO Currently you cannot add a configuration profile for additional FileVault 2 options such as "DeferDontAskAtUserLogout" and "DeferForceAtUserLoginMaxBypassAttempts" via a configuration profile, due to FileVault 2 settings being managed by Fleet. If trying to upload a profile that contains these settings, you are presented with an error. Some organizations need the ability to configure those options. Requesting the ability to manage additional FileVault 2 options that Apple allows.

Potential solutions

  1. One option would be to have these settings configurable either through the Fleet UI, or through a Fleet configuration file.
  2. Another option would be to have the ability to upload a custom configuration profile with FileVault 2 settings.

willmayhone88 avatar May 08 '24 08:05 willmayhone88

@willmayhone88, thanks for tracking this.

Makes sense to have an "Advanced" option for disk encryption to override the profile that Fleet uses today.

noahtalerman avatar May 09 '24 13:05 noahtalerman

This should also be done for Windows Disk Encryption (BitLocker).

dherder avatar May 09 '24 20:05 dherder

Hey @willmayhone88 I updated this issue to the user story format and moved your original issue description below.

Please take a look at the user story in the issue description and let me know if you have any feedback. Thanks!


Problem

Currently you cannot add a configuration profile for additional FileVault 2 options such as "DeferDontAskAtUserLogout" and "DeferForceAtUserLoginMaxBypassAttempts" via a configuration profile, due to FileVault 2 settings being managed by Fleet. If trying to upload a profile that contains these settings, you are presented with an error. Some organizations need the ability to configure those options. Requesting the ability to manage additional FileVault 2 options that Apple allows.

Potential solutions

  1. One option would be to have these settings configurable either through the Fleet UI, or through a Fleet configuration file.
  2. Another option would be to have the ability to upload a custom configuration profile with FileVault 2 settings.

noahtalerman avatar May 13 '24 15:05 noahtalerman

@noahtalerman do you want a separate issue for BitLocker config customization?

https://github.com/fleetdm/fleet/issues/20805

nonpunctual avatar Jun 06 '24 21:06 nonpunctual

do you want a separate issue for BitLocker config customization?

@nonpunctual yes please.

In that issue can you please include which BitLocker options the requester is trying to tweak? Thanks :)

This defines the problem more specifically which makes it more helpful to consider all possible solutions.

noahtalerman avatar Jun 07 '24 20:06 noahtalerman

related: https://github.com/fleetdm/fleet/issues/16866

nonpunctual avatar Jul 03 '24 19:07 nonpunctual

@noahtalerman https://github.com/fleetdm/fleet/issues/20848 Separate issue for BitLocker / Windows.

nonpunctual avatar Jul 30 '24 17:07 nonpunctual