
Hi, I accidentally turned on "Enable LAPS for PreStage accounts", and now all my DEP MacBook passwords were automatically updated. Now users are not able to log in to their MacBooks.

Is there a way to revert this?

Thank you.

That should only rotate passwords for account/s created in your PreStage. Is the user your customer, or the administrator trying to log in with the admin account?

If it’s an admin, say a technician, they would have to look up the rotated password via Jamf.

I don’t think you can undo it, even if you uncheck the box.

• Enable LAPS for PreStage accounts
This option enables MDM LAPS for all new and existing managed local administrator accounts created via PreStage enrollment. Deselecting this option will prevent LAPS from being enabled on new accounts, but it will not disable LAPS on existing accounts.


This setting only applies to the admin account created during the prestage, and users should never be logging in with this account for any reason. Any techs logging in with it should have access to check the password out.

You can disable LAPS in Jamf settings, but devices that enrolled with LAPS will have to have macOS reinstalled as that LAPS flag is only checked during account creation at enrollment.


I believe the LAPS management is based off of the account’s UUID, so you could potentially disable LAPS, delete the account from the system, then recreate the account with the same name. That might allow you to inherit the home directory, but since it will have a different UUID, Jamf will no longer try enforcing LAPS management. That said, there are a lot of assumptions involved with this and, like others have stated, you really shouldn’t be having users log in with this account, regardless of LAPS status.