Filevault2 allows an unauthorized user to log

My Macbook Air (early 2015) has active Filevault. I am the only user of this machine.  At the time, I put in place the FV, I nominated several users who have been authorized to unlock. and note the FV recovery key.

At the time, one of the users has been Admin; I later changed it to a Standard account.  It was my main ACCT to work. After the ACTC has started having probs (though not immeddiately after the account type change) which seems to be specific in itself, I created a second account.  Call them Smith and Smith2, respectively.

I did Smith2 and a Standard acct also gave it the same password: Smith.  Smith2 has not added to the users allowed to unlockk the Mac because I don't know how to do this pr wheter this can be done at all.  My plan was to transfer Smith to Smith2.  I had not thought about Filevault until today.

I just realized that Smith2, a user not allowed to unlock the Mac, can simply connect as if encryption has not been enabled.  I was wondering if it might be because the password was allowed to FV, I changed the password of Smith2.  Made no difference.

Under the Security tab of the SysPrefs, he says that Filevault is turned on.  Today, working in recovery mode (in utility disk on an external drive, when I was ready to restart, I selected the MacHD and that it was necessary to enter a password to unlock it, before it will re-start in MacHD.)  If parts of the operating system behaves as if encryption is enabled.

But for Smith2 to just breeze in full means the encryption does not work!

I can, of course, try disabling encryption and then turn it back on again.  But it's really annoying.  Thought I'd post here for your thoughts - maybe there is a bigger problem that needs to be addressed?

MacBook Air (early 2015), Yosemite 10.10.5 kept up to date.

I would like to get this straight: Smith2 may not unlock FV, but can login and access Mac directly after a reboot (without all the other accounts connected)?

Tags: Mac OS & System Software

Similar Questions

  • Microsoft Remote Desktop does not allow users to log on simultaneously

    Original title: problem with Microsoft Remote Desktop not allowing users to log on simultaneously

    I am currently using a MAc to connect to a desktop running windows 7. Recently, when I try to access the computer with Microsoft Remote Desktop it will launch all users on the computer. He was not used to do this, does anyone have an idea what could have caused this and how to fix it?

    Hi Bert,.

    Thanks for posting your query in Microsoft Community Forum.

    The question you posted would be better suited in the TechNet Forums. However, we can refer to the articles below and check if the problem still persists.

    Configure the remote desktop on Windows 7 systems

    Connect to another computer using Remote Desktop connection

    If the problem persists, I recommend posting your query in the TechNet Forums for the best support.

    Hope this information is useful. Do not hesitate to write to us in case you have any problems/concerns while working on your computer, we will be happy to help you.

    Thank you.

  • What is the use of having a password if an unauthorized user may cancel its requirement?

    I don't understand why there is a cancellation of the requirement of password button. If an unauthorized user to access my account by internet or this pc, what he has to do is click the button 'Cancel' on the pop-up password (password is required to access my mail) and there is full access.

    It's the same thing with the password. The field will allow even one to get into a new, which makes no sense.

    Email passwords and their actions are administered by the e-mail providers. Participation only Thunderbirds is to store the password, if you have selected this option and give it on the server being queried.

    The master password is to protect access to your passwords registered and not to your mail.
    http://KB.mozillazine.org/Master_password

    If someone gets access to your account via the Internet web mail interface, Thunderbird has nothing to do with it.

  • Is there a way to recover deleted history sites? Also, a way to prevent unauthorized users to erase history?

    Is there a way to recover deleted history sites? Also, a way to prevent unauthorized users to erase history?

    You need administrative rights to do this. Be careful as it is possible to easily create a very difficult to solve waste.

    Run gpedit.msc

    Reach

    -User configuration

    -Administrative templates

    -Windows components

    -Internet Explorer

    -Delete browsing history

    Disable the feature turned on 'delete browsing history '.

    You also probably want to configure

    -InPrivate

    Disable the active InPrivate browsing

    If you use IE8; Otherwise, the user can simply avoid registering in the first place.

    Also - the browser menus

    Tools menu: Disable Internet Options... menu active

    would be a good thing; Anyone who shouldn't be allowed to delete the history of should not be also change too much in the Internet Options.

    For some reason, changes to this setting of group policy have no effect in IE6 and IE8 on a workgroup computer XP Pro.

    In fact, I would like to disable the entire Tools menu item; However, there don't seem to be any means to do.

    Run gpupdate /Wait:0

    Any user who cannot access gpedit.msc, editing the registry (regedit.exe, regedt32.exe) or mmc.exe may re-activate it now grayed out in the menu items.

    Note: mmc.exe can be activated by right clicking my computer even as a limited user. Remove or deny permissions to these files for administrator users.

    I would like to configure them on a per user or user group basis. Does anyone know of a way to do by not part of a domain?

    I know no direct way to recover deleted history sites. Perhaps, they enter the trash somewhere. They may be captured by the network of monitoring programs, even if they have been deleted from the personal computer.

  • Allow a standard user to run a program with elevation of the admin.

    I have a program that will run only on admin or with the approval of the admin. I want him to be executed on all users computers with standard users. How can I do this?

    That has never been answered so for those looking for an answer...
    Log in as an administrator and disable UAC
    -> Panel-> accounts user and family safety-> user accounts modify the user account control--> then just slide down never notify.

    This will allow a standard user to access admin and admin stop programs confirm the open each time

  • Is it possible to force a user to log on again when you use oauth 2 (implicit subsidy)

    Hello

    I am building an application based on a webservice is in the APEX being accessible by an interface javascript through ADR. I use the "Implicit subsidy" stream of the OAUTH 2.

    When the user has finished with the application, he or she should be able to disconnect from the application if another user can log on (on the same computer and browser). But without clear all cookies, ADR automatically will give an access to the previous user token, without displaying the login screen to Déby/allow access to service web rest.

    (Clear cookies is not possible via javascript, since they are httponly)

    I know this isn't 'normal' how to use oauth2, but I would like to be able to disconnect user. So, how can I force ADR to show the loginscreen to give another user the ability to connect?

    Alexander

    You can force the flow of implicit code to prompt the user to connect by adding _auth_ = force in the approval request query string. To follow the example shown in the [1] Developer's guide

    change:

    https://server:port/ords/resteasy/oauth2/auth?response_type=token&client_id=CLIENT_IDENTIFIER&state=STATE

    TO:

    https://server:port/ords/resteasy/oauth2/auth?response_type=token&client_id=CLIENT_IDENTIFIER&state=STATE&_auth_=force

    [1]: Data Services Developer's guide REMAINS

  • Comments operations are not allowed for anonymous users on this virtual machine

    Hello

    After a lot of trying, I finally managed to connect to a virtual machine in VMware Server 2.0.2

    However, I get the error "comments operations are not allowed for anonymous users on this virtual computer" when I try to run notepad.exe. I think that some permissions must be set. So I put comments and guests of user group to be able to administer the object (VM); but still this error comes.

    Can someone help me pls with getting beyond this error.

    Thank you very much.

    This has come up before on this Forum. Be default, Windows does not allow for remote log-ins for accounts without password, which prevents the VIX to perform log-ins comments in this situation.

    You can follow the steps described in the following thread to enable remote log-ins for accounts without password or change the account to have a password.

    http://communities.VMware.com/message/910606

  • Windows Mail error 0x800CCC92: Operation of Pop is not allowed for this user

    Split of: ' "windows mail error code: ox800CCC0E, error code 10060".

    Account: 'mail.bigpond', server: 'mail.bigpond.com', Protocol: POP3, server response: '-ERR pop operation is not allowed for this user.', Port: 110, secure (SSL): no, Server error: 0x800CCC90, error number: 0x800CCC92

    It's what keeps appearing on my Windows Mail when I go in there. BigPond say they have problems with Windows Mail and try to fix it.  Any ideas please?

    Thanks LyndaBeresford

    If they have problems, then it is not that you can do about it until they solve these problems.

    You can access your e-mail via webmail: https://signon.bigpond.com/login?site=chw&goto=http%3A%2F%2Fmessaging.bigpond.com%3A80%2F%3Fref%3DNet-Head-Webmail

    Steve

  • received a message that other users have logged on to my computer

    When I rebooted my computer which i rarely stop/restart, I received a message stating that the other users are logged on and I wanted to go forward.  There should be no one else except my admin account & a guest account. I ran MS Security Scan which found nothing. Should I be worried? Should I do something else?

    My computer is a Gateway desktop computer around the age of 20 months, under Vista 64-bit, do not know what other information you might need.

    Hello

    · The guest account is disconnected?

    Disable the account invited on the computer and check the results. You can check the link: enable or disable the guest account the: http://windows.microsoft.com/en-US/windows-vista/Turn-the-guest-account-on-or-off

    Also, make sure that you update the security software installed on the computer.

  • Screensaver won't turn on unless a user is logged

    We have two machines professional Vista I installed a custom screensaver.  It will not work if a user is logged on to the computer, but he that is registered in the screen becomes black and a white mouse pointer will appear.  I have Adobe flash installed and uninstalled and reinstalled without a bit of luck.  A computer has a keyboard and wireless mouse and the other are wired.  This screensaver works fine on XP.

    Thank you-

    Joan

    CUTech salvation,
    Check the sleep, hibernation, and the screen saver settings. Make sure that none of them are programmed in arrive at the same time or even within 2 or 3 minutes on the other.

    Also, check that the monitor is not set to turn off at the same time either.

    The computer properly reacts if you move the mouse after it happens.

    I think you should also update the video drivers. You'd be surprised the questions how we see, relate to the strangeness of the video driver!

    Let us know if it does.
    Matt Hudson
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Activate the user audit logs and hide the other audit logs account system on computers in a domain by using Group Policy

    Hello

    Please could someone advise me on how to activate the user audit logs and hide the other audit logs account system on computers in a domain by using Group Policy. Your help would be much appreciated.

    Kind regards

    RocknRollTim

    Hello

    Please contact Microsoft Community.

    We have a specific forum for the computers in the domain and they are experts in this field of investigation and would be in a better position to address the concerns. So refer to the link below and post your query on the TechNet Forums.

    https://social.technet.Microsoft.com/forums/en-us/home

    I hope this helps. If you have any questions on Windows, please answer. We will be happy to help you.

  • restrict users to log on to a computer

    I have a Windows 7 pro computer that is joined to a domain. I need shore locking the computer, while only 1 user can log on to the workstation.

    Hi Jim,.

    Welcome to the Microsoft community!
    The question you have posted is better suited in the TechNet forums. Please post your request there.
    Here is the link: http://social.technet.microsoft.com/Forums/en-US/category/w7itpro/

    It will be useful. For any other corresponding Windows help, do not hesitate to contact us and we will be happy to help you.

  • I have a network drive. & Passwords, I want to force their users to log in there every time and do not use the last name of user and password.

    I have a network (an Iomega iconnect nas) drive. I want to force their users to log in there every time and do not use the last name of user and password. They can change it in control of card-how can I make sure they. I'm only using Windows 7 as standalones (with lan), there is no server connection

    Hello

    I suggest you post the same question in the TechNet forum and check if it helps.

    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • User not logged 120 days

    Hello

    My client has a requirement that they want to have an alert to users who are not logged in the database for the last 120 days, or users must be locked.

    How to get there?

    Kind regards

    Fran wrote:

    User profile:

    Administration of user accounts and of security

    Password policy is a starting point, but it's not really meet the requirements of the PO.  Simply does not connect does not cause an account to expire or lock.  The account will be compared against the policy until the user does log.  So if an account is abandoned - say the user leaves the Organization - its account will be just sitting there in the open State.  Only when he tries to connect again to life of password and check the grace period.

    I think the only option of the OP is to audit logons, and then use the audit trail to drive the process of identification and blocking of these accounts.

    It would be great if Oracle would add a LAST_LOGON_DATE to DBA_USERS.

  • How to check when a user last logged on vCentre

    Hi all

    Is there anyway to check when a user is logged into/out of the vCentre?  I checked task/event also sessions but this does not tell you when the users are logged in/out.  Basically, I'm looking to find security audits.

    The part of events of tasks & events you will get this information.  You may need to increase the page size for the tasks and events, you lie down search window.  In the toolbar above, click edit - client settings-lists tab.  Change the size of the page to something bigger, maybe 50

Maybe you are looking for