Skip to content Skip to site navigation Skip to service navigation

How to Install VLRE for Mac

When you run the VLRE installer, you are presented with Stanford's Device Enrollment app, a brief questionnaire that gathers basic information about your computer. If you previously responded to these questions, your answers are displayed and you can change them if you wish.

After you complete the questionnaire:

  • If your computer was encrypted using the Stanford Whole Disk Encryption service (SWDE) no further action is required.
  • If your computer is not encrypted, VLRE steps you through the process of encrypting your hard drive. You are prompted to enable FileVault 2, Apple's built-in encryption technology, to encrypt the whole disk.
  • If you self-encrypted your computer by turning on FileVault 2,  you are presented with an option to have your recovery key escrowed in a secure database. This option is highly recommended because it allows you to use the MyDevices service to recover your encryption key. If you forget your password you need your recovery key to access your computer. If you don't have your recovery key, your data is permanently lost.

Download software

Download software for Mac OS X 10.9 and above:

If BigFix is installed on your computer it must removed before you can install VLRE. See the BigFix Removal Instructions for more information.

Device enrollment questionnaire

  1. Run the VLRE  installer.
  2. When the Install VLRE screen displays, click Continue. A setup wizard guides you through the steps necessary to install the software.

    start the VLRE installation  
  3. First, the Device Enrollment app runs, asking a series of questions regarding the use of this computer for Stanford business. If you have already answered these questions, please review the answers and make any necessary corrections. Click Proceed Now.

    start the enrollment questionaire  
  4. Next, choose whether or not you have a valid SUNet ID and then click Continue.

    query for valid SUNet ID  
  5. If you have a valid SUNet ID:
    • Enter your SUNet ID and password on the WebLogin screen.

      WebLogin screen
    • You will be asked to answer some questions about this device and the types of data that is accessed and stored on it.
  6. If you do not have a valid SUNet ID:
    • If you are no longer affiliated with Stanford, the questionnaire is terminated.
    • If  this computer is used for Stanford work, the questionnaire is terminated. Someone with a valid SUNet ID needs to complete the questionnaire.

Encrypt with VLRE

If you need to encrypt your computer, VLRE steps you through the encryption process after the questionnaire is completed.

Before you begin

Note: You are encouraged to contact your local support organization to make sure your system is being routinely backed up prior to encrypting.

IMPORTANT: Make sure that you back up your computer or data before you start encrypting. If the disk encryption process encounters a disk error, data loss or corruption could occur. Code42 CrashPlan provided by University IT is the recommended backup service and is widely used within Stanford, but your local IT group may provide other options.

  • Before starting the encryption, make sure your computer is on AC power and has an active network connection.
  • Depending on the size and speed of your hard drive and how many files are stored there, encryption can take from 45 minutes to two days. You may want to install the the software at the end of the day and let the encryption run over night. You can use your computer during the encryption process, but certain activities may be noticeably slower.
  • Note regarding Boot Camp: FileVault 2 does not encrypt the Windows partition on systems running Boot Camp.  Therefore,  to be compliant machines cannot run Boot Camp.  OS X users needing to run Windows need to use VMware Fusion or Parallels.

Click OK to begin whole disk encryption.

message saying that VLRE was installed successfully

Encrypt

  1. You  are given the option to escrow your encryption recovery key in a secure database. Selecting Yes is highly recommended because it allows you to use the MyDevices service to recover your encryption key. Click Next to continue.

    option to escrow recovery key
  2. The next screen describes what to expect. If you are ready to encrypt your hard drive, check I have a backup and understand the risks involved and wish to continue and then click Continue. (If your computer is already encrypted this screen does not display.)

    what to expect from the encryption process
  3. When the Welcome screen is displayed, click Continue.

    Welcome to the Encryption Installer screen
  4. Next, a policy agreement is displayed. Read it and click Agree to accept the terms of the policy agreement and continue with the installation.

    policy agreement
  5. Click Configure to enable FielVault2.

    click Configure to enable FileVault2
  6. You will see a message saying that you need to restart your computer after FileVault2 is installed. Click Yes.

    warning message that computer will restart after FileVault2 is installed
  7. Enter your administrator account name and password and then click Unlock.

    administrator password prompt
  8. Your recovery key is displayed. You will need this to unlock your FileVault 2 encryption if you forget your computer password. Make a copy of the recovery key and store it in a safe place. Then, click Close.

    display of encryption recovery key
  9. Click OK to restart your computer and complete the FileVault2 configuration.

    message to restart your computer to complete FileVault2 configuration
  10. After your computer restarts, enter your account password.

    pre-boot login
  11. A window displays the encryption status.
    Note: You can use your computer while it is being encrypted.

    encryption status

Self encryption

If you encrypted your computer using FileVault 2 without using Stanford Whole Disk Encryption (SWDE), you are responsible for managing the recovery key.

After completing the questionnaire you are presented with an option to have the recovery key escrowed in a secure database. This option is highly recommended because if you lose or forget your recovery key, your encrypted data will be irretrievable.

If you opt to have your recovery key escrowed:

  • Mac OS X 10.9.5 and above: a new recovery key is generated and then escrowed.
  • Below Mac OS X 10.9.5: a dialog box prompts you to enter your recovery key.

If you need help

  • If you encounter problems, please call (650) 725-4357 or submit a Help ticket.
Last modified June 13, 2017