mirror of
https://github.com/MLBZ521/MacAdmin.git
synced 2026-02-07 07:32:13 +00:00
54 lines
1.6 KiB
Bash
54 lines
1.6 KiB
Bash
#!/bin/bash
|
|
|
|
###################################################################################################
|
|
# Script Name: reissue_FileVaultPRK.sh
|
|
# By: Zack Thompson / Created: 12/19/2017
|
|
# Version: 1.1 / Updated: 12/21/2017 / By: ZT
|
|
#
|
|
# Description: This script creates a new FileVault Personal Recovery Key by passing a valid Unlock Key via JSS Parameter to the Script.
|
|
# - A valid Unlock Key can be any of: a user account password or current Personal Recovery Key
|
|
#
|
|
###################################################################################################
|
|
|
|
/usr/bin/logger -s "***** FileVault Key Reissue process: START *****"
|
|
|
|
##################################################
|
|
# Define Variables
|
|
|
|
cmdFileVault="/usr/bin/fdesetup"
|
|
# Check if machine is FileVault enabled
|
|
fvStatus=$($cmdFileVault isactive)
|
|
|
|
##################################################
|
|
# Now that we have our work setup...
|
|
|
|
if [[ $fvStatus == "true" ]]; then
|
|
/usr/bin/logger -s "Machine is FileVault Encrypted."
|
|
|
|
$cmdFileVault changerecovery -personal -inputplist &> /dev/null <<XML
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>Password</key>
|
|
<string>$4</string>
|
|
</dict>
|
|
</plist>
|
|
XML
|
|
|
|
exitCode=$?
|
|
|
|
if [[ $exitCode == 11 ]]; then
|
|
/usr/bin/logger -s "Failed to issue a new Recovery Key."
|
|
/usr/bin/logger -s "***** FileVault Key Reissue process: FAILED *****"
|
|
exit 1
|
|
fi
|
|
|
|
else
|
|
/usr/bin/logger -s "Machine is not FileVault Encrypted."
|
|
fi
|
|
|
|
/usr/bin/logger -s "***** FileVault Key Reissue process: COMPLETE *****"
|
|
|
|
exit 0
|