MacOS – Headless Mac mini: Share Screen + FileVault

Tags: filevault, macos, screen-sharing

At the office we have a Mac mini that will be used to run a TeamCity agent. It is a requirement from our security department that we enable FileVault on this machine.

I will also need to manage this Mac mini remotely (via Screen Sharing) from my laptop. I don't want to have to plug in a monitor + mouse + keyboard to manage the build agent.

On this Mac mini, we have 2 accounts: 1 admin account, and 1 teamcity account (standard user). Since the plist file that will run the agent is located in /Users/teamcity/Library/LaunchAgents, I currently need to log in (via the login screen) as teamcity for the agent to start.

My problem is that after I restart the Mac mini, I can't "Share Screen" with the Mac mini.

The only solution around this that I found is to manually log in (from the login screen) to the teamcity account. Of course, I don't want to have to plug in a keyboard + monitor to start the agent.

My question is: how can I remotely "Share Screen" to a FileVault-enabled Mac, if the target user (teamcity) is not logged in?

Best Answer

Other answers here are correct - it is not possible to remotely access a freshly-booted Mac with FileVault enabled without physical access (FileVault operates 1 layer closer to actual software than a 'traditional' BIOS or firmware password).

It is, however, possible to remotely reboot a Mac and force it to allow remote access even with FileVault enabled, provided you issue the correct command:

sudo fdesetup authrestart

Apple calls this 'Authenticated Restart'; official semi-documentation is available here, and a more in-depth view from C|Net gives a high-level description of its workings.

Note that if a Mac is not restarted with this command (a regular restart, power loss, or otherwise), physical access will be needed to access the Mac. The command also (obviously) requires admin privileges to run.
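A pre-flight wrapper for the restart described in the answer above, as an added example that is not part of the original answer: it refuses to reboot unless the Mac will come back reachable over the network. `fdesetup status`, `fdesetup supportsauthrestart` and `fdesetup authrestart` are real subcommands; the `reboot_plan` function, the `FDESETUP` override and the `--restart` argument are names made up for this example, and the script is assumed to be run as root (for example with `sudo` over SSH).

```shell
#!/bin/sh
# Added example: decide how (or whether) to reboot a headless FileVault Mac.
# FDESETUP can be overridden so the decision logic can be exercised
# off-box; the override is this example's convention, not an fdesetup feature.
FDESETUP="${FDESETUP:-/usr/bin/fdesetup}"

# Prints exactly one of: authrestart | plain-restart | refuse
# Returns 0 only when the chosen restart leaves the Mac remotely reachable.
reboot_plan() {
    fv_status="$("$FDESETUP" status 2>/dev/null)" || { echo refuse; return 1; }
    case "$fv_status" in
        *"FileVault is Off"*)
            # No pre-boot unlock screen, so an ordinary restart is safe.
            echo plain-restart; return 0 ;;
        *"FileVault is On"*)
            ;;  # fall through to the authrestart capability check
        *)
            # Unknown state: do not risk stranding the machine.
            echo refuse; return 1 ;;
    esac
    # Not every Mac can do an authenticated restart; fdesetup prints
    # "true" or "false" for this query.
    fv_support="$("$FDESETUP" supportsauthrestart 2>/dev/null)" || fv_support=false
    if [ "$fv_support" = "true" ]; then
        echo authrestart; return 0
    fi
    echo refuse; return 1
}

# Only act when explicitly asked, so sourcing or testing never reboots.
if [ "${1:-}" = "--restart" ]; then
    case "$(reboot_plan)" in
        authrestart)
            # Prompts for a FileVault-enabled user's password, then reboots
            # straight past the unlock screen once.
            "$FDESETUP" authrestart ;;
        plain-restart)
            /sbin/shutdown -r now ;;
        *)
            echo "refusing to restart: the Mac would stop at the FileVault unlock screen" >&2
            exit 1 ;;
    esac
fi
```

The authenticated restart covers only the one reboot it triggers; any later unplanned restart still stops at the unlock screen, as the answer notes.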