Is there a way to DISABLE a user from decrypting the boot volume?

Question

I see a very well documented way, if a user is not enabled to decrypt the boot volume, to enable that user: just go into the FileVault control panel, and if there are users not permitted to boot the system, there will be a message so-indicating, and a button that will bring up a dialog for enabling them.

I have the converse problem: I have a user FileVault-enabled user, who should NOT be.

Is there a way to do this?

What is the documented way you have seen? Which article/page/site is it? — Thinkr, May 22 '23 at 18:52
Possible dupe : https://apple.stackexchange.com/q/18358/489896 — Thinkr, May 22 '23 at 18:53
@Thinkr: Thanks. Accordingly, I just added a cross-reference as an answer, and voted to close my own question. — hbquikcomjamesl, May 22 '23 at 19:08
@Allan: It does indeed. See my reply to Thinkr's question. Dunno whether it works on Catalina or Ventura, but I can certainly confirm the assertion by Rafael Bugajewski (in the other thread) that it works just fine on Yosemite. — hbquikcomjamesl, May 22 '23 at 19:10
You can flag it as a dupe and it will automatically link. The answer will likely be deleted. — Allan, May 22 '23 at 19:11

score 2 · Accepted Answer · answered May 22 '23 at 19:05

2

This is indeed a duplicate of Disable a user's ability to unlock a FileVault 2 volume at startup/login time, i.e., sudo fdesetup remove -user username

answered May 22 '23 at 19:05

hbquikcomjamesl

914

1

Excellent! Well close this and your words will help others search and know the questions are solved with the same answer. +1 – bmike May 22 '23 at 19:20

Is there a way to DISABLE a user from decrypting the boot volume?

1 Answers1