Apple - Disable a user's ability to unlock a FileVault 2 volume at startup/login time

Use fdesetup:

    sudo fdesetup remove -user username

See: http://derflounder.wordpress.com/2012/07/25/using-fdesetup-with-mountain-lions-filevault-2/
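An added example, not part of the answer above: before removing anyone, audit which accounts are currently able to unlock the volume and print the `fdesetup remove` command for each one that is not on an allowlist. It assumes `fdesetup list` prints one `shortname,UUID` line per enabled user; the function names, the allowlist and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Audit FileVault 2 unlock-capable accounts against an allowlist (dry run).

# Constructed sample of `sudo fdesetup list` output: shortname,UUID per line.
SAMPLE_LIST='admin,11111111-2222-3333-4444-555555555555
charlie,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
guesttech,99999999-8888-7777-6666-555555555555'

# unexpected_unlockers ALLOWED...
# Reads `fdesetup list` output on stdin and prints the short name of every
# enabled user that is not named in the arguments.
unexpected_unlockers() {
    while IFS= read -r fv_line || [ -n "$fv_line" ]; do
        fv_user=${fv_line%%,*}            # keep the text before the first comma
        [ -n "$fv_user" ] || continue     # skip blank lines
        fv_ok=0
        for fv_allowed in "$@"; do
            if [ "$fv_user" = "$fv_allowed" ]; then fv_ok=1; fi
        done
        if [ "$fv_ok" -eq 0 ]; then printf '%s\n' "$fv_user"; fi
    done
}

# removal_commands ALLOWED...
# Same input; prints (does not run) the command that would remove each
# unexpected user from the list of accounts that can unlock the disk.
removal_commands() {
    unexpected_unlockers "$@" | while IFS= read -r fv_name; do
        printf "sudo fdesetup remove -user '%s'\n" "$fv_name"
    done
}

# Dry run on the constructed sample, allowing only 'admin' to unlock.
# On a real Mac: sudo fdesetup list | removal_commands admin
printf '%s\n' "$SAMPLE_LIST" | removal_commands admin
```

Review the printed commands before running any of them, and re-run `sudo fdesetup list` afterwards to confirm the account is gone.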


It is not impossible. (Although if you have deleted the user, you may have made this more complicated!)

I wrote the article 'jaydisc' linked to and just tested that it still works in 10.7.4:

Assume that you have an admin user 'charlie' that you want to be able to use, but not unlock, the computer:

    sudo su - charlie
    $ passwd
    Changing password for charlie.
    Old Password: [enter old password here]
    New Password: [press enter]
    Retype New Password: [press enter]
    $

Note that you cannot do this:

    sudo passwd charlie
    Changing password for charlie.
    New password:

because if you press enter when you get the 'New password' prompt, it will come back and say:

    Password unchanged.

It looks like temporarily removing the users' passwords removes them from the EFI boot menu:

http://www.tuaw.com/2011/12/12/prevent-certain-accounts-from-unlocking-filevault-2/

Unfortunately, in my case, some of the users are Open Directory Mobile users, and I am unable to find a way to set their password to empty.