Use institutional Recovery Key (ADMX)

=== Notice ===

This group policy should only be used for admins who are not able to use the non-ADMX setting under:

Computer Configuration -> Centrify Settings -> Mac OS X Settings -> Security and Privacy -> FileVault 2 -> Enable FileVault 2

Non-ADMX settings will take precendence over this ADMX setting.

=== Setting Instructions ===
Enable this group policy to enable FileVault 2 using institutional recovery key.
Under ADMX Settings, Go to Security and Privacy -> File Vault 2 -> Use Institutional Recovery Key
1. Click Enabled
2. On your Mac, run the following in Terminal to output the certificate file the certificate you plan to "upload" in hex format: xxd -p {certificate filename}
3. Copy the output from (3) and paste it into "Certificate content in HEX:" without the newlines and spaces so that it's all one uninterrupted string.

For detailed information please read the FileVault 2 group policy section in document "Admin Guide for OS X".

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Security\FileVault2
Value NamePersonalEnable
Value TypeREG_SZ
Enabled Value0
Disabled Value1

Certificate content in HEX:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Security\FileVault2
Value NameCert
Value TypeREG_SZ
Default Value

centrify_mac_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)