Introduction
Depending on how the user account was provisioned on a device running macOS, certain checks can be run to verify volume ownership and cryptographic capabilities of a user.
Verification of cryptographic users
To verify cryptographic capabilities of a user, please launch Terminal and execute the following command:
sudo /usr/bin/fdesetup list
All being well, you should be presented with the following output:
james.appleseed,B68F47E6-3B4E-4463-8062-9BF7446905B0
Please ensure you note down the alphanumeric string after the username.
Verification of volume ownership
To verify volume ownership capabilities of a user, please launch Terminal and execute the following command:
diskutil apfs listcryptousers /
You should now be presented with the following output:
Cryptographic users for disk3s1s1 (3 found)
|
+-- B68F47E6-3B4E-4463-8062-9BF7446905B0
| Type: Local Open Directory User
| Volume Owner: Yes
|
+-- EBC6C044-0000-12AA-AA11-00304543EDAC
| Type: Personal Recovery User
| Volume Owner: Yes
|
+-- 2457712A-523C-6604-B75A-G48A571D5036
Type: MDM Bootstrap Token External Key
Volume Owner: Yes
Now, using the alphanumeric string noted down when verifying cryptographic users, you should see the same alphanumeric string listed with Volume Owner: Yes associated.
If it exists, you have verified the user can be enabled for FileVault and can perform software updates on the macOS device.
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.