Automatic Login enabled after the Symantec Endpoint Encryption client initiates File Vault encryption


Historically, after File Vault was enabled on a system, a "Preboot" login page would be displayed in order to unlock the File Vault encrypted system. Once the passphrase was entered, the regular Mac OS X login page would be displayed.

After a system is encrypted with File Vault on Mac OS X 10.14 (Mojave), there is only one login required by default.  This behavior is normal and happens because Single Sign-On is enabled on the system.

This automatic login can be disabled by following the steps provided by Apple:

sudo defaults write /Library/Preferences/ DisableFDEAutoLogin -bool YES


Using the following command will allow AutoLogin to occur when File Vault is enabled:

sudo defaults delete /Library/Preferences/ DisableFDEAutoLogin

Note: This Single Sign-On feature has been available since Mac OS X 10.9 (Mavericks); however, all previous operating systems had the feature disabled by default.

In order to check if a system is encrypted with File Vault, run the following commands via Terminal:

diskutil apfs list

Upon running the above command, look for the name of the drive in question. In the command line results, look for "File Vault"; this will list either "Yes" for encrypted or "No" for not encrypted. If encryption is currently ongoing, it will list a percentage. When it lists "Unlocked", this means the drive has been authenticated. If the drive were slaved to another system without the passphrase being entered, the disk would be in a "Locked" status.

sudo fdesetup status

Upon running the above command, File Vault will state "On" if the system is encrypted, or "Off" if it is not encrypted.  If the encryption/decryption process is in progress, a percentage will be displayed.
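
As an added example (not part of the original article and not Apple or Symantec code), the shell functions below reduce the output of the two commands above to one state per volume and one state for the system, which is convenient for a compliance check across many Macs. The "FileVault:" label and the line layouts are assumptions about the command output, the function names are hypothetical, and the sample text is constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Output layouts are assumed;
# the sample text below is constructed, not captured from a real system.

# Classify `fdesetup status` text on stdin: on | off | in-progress | unknown
fv_status() {
    awk '
        /%|[Pp]ercent/                 { s = "in-progress" }
        /FileVault is On/  && s == ""  { s = "on" }
        /FileVault is Off/ && s == ""  { s = "off" }
        END { print (s == "" ? "unknown" : s) }'
}

# Summarise `diskutil apfs list` text on stdin as "volume name|state" lines.
apfs_volumes() {
    awk '
        /^[| ]*Name:/ { sub(/.*Name:[ \t]*/, ""); sub(/ \(Case.*/, ""); name = $0 }
        /FileVault:/ {
            sub(/.*FileVault:[ \t]*/, "")
            if      ($0 ~ /%/)        st = "in-progress"
            else if ($0 ~ /Unlocked/) st = "encrypted-unlocked"
            else if ($0 ~ /Locked/)   st = "encrypted-locked"
            else if ($0 ~ /^Yes/)     st = "encrypted"
            else if ($0 ~ /^No/)      st = "not-encrypted"
            else                      st = "unknown"
            print name "|" st
        }'
}

# Constructed sample resembling `diskutil apfs list` volume entries.
SAMPLE_APFS='|   |   Name:                      Macintosh HD (Case-insensitive)
|   |   FileVault:                 Yes (Unlocked)
|   |   Name:                      Backup (Case-insensitive)
|   |   FileVault:                 Yes (Locked)
|   |   Name:                      Scratch (Case-insensitive)
|   |   FileVault:                 No'

# Constructed sample resembling `fdesetup status` during encryption.
SAMPLE_FDE='FileVault is On.
Encryption in progress: Percent completed = 42'

printf '%s\n' "$SAMPLE_APFS" | apfs_volumes
printf '%s\n' "$SAMPLE_FDE"  | fv_status
# On a Mac: diskutil apfs list | apfs_volumes ; sudo fdesetup status | fv_status
```

A volume reported as "not-encrypted" or a system state of "off" is the result to flag; "in-progress" means the check should be repeated once conversion finishes.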

In order to find out a list of users, run the following command:

