Today I Learned: Remove a user from FileVault
Brendan Thompson • 28 July 2021
This TIL ties in with my post from yesterday on TIL: Multi-user Homebrew.
If you have multiple user accounts on your Mac, it is likely that they are all able to unlock FileVault. As a general rule, I would recommend that only a single non-admin account have the ability to unlock FileVault.
The following command removes a named user from FileVault using their username:
sudo fdesetup remove -user <Username>
This unfortunately does not give any output, so you will need to check the users associated with the volumes by using:
sudo fdesetup list
The above will return output like the following:
username,62394b7e-4660-4982-a7e0-a4c5f8c4043c
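Because the remove command prints nothing, the check can be scripted. The helpers below are an added example, not part of the original post: they parse the `username,UUID` lines from `fdesetup list` to confirm a removal and to list any account other than the one you intend to keep. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers around `fdesetup list` output ("username,UUID" per line).

# Constructed sample of `fdesetup list` output (names and UUIDs are made up).
SAMPLE_LIST='alice,00000000-0000-0000-0000-000000000001
bob,00000000-0000-0000-0000-000000000002'

# fv_users: read `fdesetup list` output on stdin, print one username per line.
fv_users() {
    # Keep only lines shaped like "name,UUID"; skip blanks and anything else.
    awk -F, 'NF == 2 && $1 != "" { print $1 }'
}

# fv_user_enabled USER: exit 0 if USER is in the list on stdin, 1 otherwise.
fv_user_enabled() {
    # -F fixed string, -x whole line: "bo" must not match "bob".
    fv_users | grep -Fxq -- "$1"
}

# fv_unexpected_users ALLOWED: print every enabled user except ALLOWED.
fv_unexpected_users() {
    fv_users | awk -v allowed="$1" '$0 != allowed'
}

# fv_remove_and_verify USER: remove USER, then confirm it from the list.
# Requires macOS and admin rights; not called automatically by this file.
fv_remove_and_verify() {
    sudo fdesetup remove -user "$1"
    if sudo fdesetup list | fv_user_enabled "$1"; then
        echo "still able to unlock FileVault: $1" >&2
        return 1
    fi
    echo "removed from FileVault: $1"
}

# Typical use on a Mac:
#   fv_remove_and_verify bob
#   sudo fdesetup list | fv_unexpected_users alice
```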