Skip to main content
Question

Cannot login with Local Admin

  • November 14, 2024
  • 6 replies
  • 120 views
NeiSpe77
Forum|alt.badge.img+8

Hey guys,

This past summer I updated a couple computer labs from Monterey to Sonoma and I was able to login with it.

I tried to login to one of the MacBook Airs this week and it's not accepting my password. I grabbed another laptop from the lab and same thing. This has never been an issue in the past and I know I am entering the correct password. The account is created in the PreStage Enrollment.

I did some looking into this to see if anyone else is having this issue. It sounds to me like it could be a LAPS issue.

I watched a couple of JNUC videos about LAPS and read a post about "How to Securely Manage Local Admin Passwords with Jamf Pro and LAPS". I never turned it on and I checked my Computer Management->Security settings and my jamfinstance/API and it looks like it's still off.

Anyone else have this issue or have any ideas?

Thanks!

    6 replies

    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • November 14, 2024

    Check your computer's inventory record.

    If it was enabled for LAPS, then you'll see it listed under the General settings > Managed Local Administrator Accounts.

    If the account isn't LAPS managed, then something else is happening.

    howie_isaacks
    NeiSpe77
    Forum|alt.badge.img+8
    • NeiSpe77
    • Author
    • Contributor
    • November 14, 2024

    Check your computer's inventory record.

    If it was enabled for LAPS, then you'll see it listed under the General settings > Managed Local Administrator Accounts.

    If the account isn't LAPS managed, then something else is happening.


    Sorry, do you mean here (see screenshot)?

    Thanks for your reply.

    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • November 14, 2024

    Once a computer is LAPS managed, it stays LAPS managed even it you turn off the feature. Turning it off only affects computers going forward.

    Check the computer's inventory record under General settings > Managed Local Administrator Accounts.

    NeiSpe77
    Forum|alt.badge.img+8
    • NeiSpe77
    • Author
    • Contributor
    • November 14, 2024

    Once a computer is LAPS managed, it stays LAPS managed even it you turn off the feature. Turning it off only affects computers going forward.

    Check the computer's inventory record under General settings > Managed Local Administrator Accounts.


    Thanks for that. I go there and then click on View accounts and passwords and it takes me to Local Users Accounts. I see Username Source & Password. Under password is View. When I click that it says: Rotating after viewing. Viewing the password will cause the password to rotate in 1 hour.

    Does that mean LAPS is on? Every setting I see in Jamf, it is not on. I never turned it on myself.

    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • November 14, 2024

    Thanks for that. I go there and then click on View accounts and passwords and it takes me to Local Users Accounts. I see Username Source & Password. Under password is View. When I click that it says: Rotating after viewing. Viewing the password will cause the password to rotate in 1 hour.

    Does that mean LAPS is on? Every setting I see in Jamf, it is not on. I never turned it on myself.


    Yes, that's right. LAPS is enabled for that account.

    Regardless of how it happened, you can either erase and re-enroll the computer, which is pretty heavy-handed, or use a policy to delete the account on affected computers and recreate it.

    NeiSpe77
    Forum|alt.badge.img+8
    • NeiSpe77
    • Author
    • Contributor
    • November 14, 2024

    Yes, that's right. LAPS is enabled for that account.

    Regardless of how it happened, you can either erase and re-enroll the computer, which is pretty heavy-handed, or use a policy to delete the account on affected computers and recreate it.


    I feared as much. I'm afraid that if I erase and re-enroll it will just be LAPS enabled again. I haven't made any changes. Especially not to turn it on.

    The laptops are leased, and will be replaced next summer. Any tips on where to look to make sure it's not on? Again any setting I've looked at it's not on. So I'm confounded why this is happening.

    If I delete the account and recreate it won't I run into a Secure Token issue?

    Thank you for your help :).

    Terms & ConditionsCookie settingsAccessibility statement