How do you handle local administrator accounts in Jamf Now?

Question

I'm frustrated and ashamed to have recently found out that there's currently no way to exclude a dedicated administrator account from password expiration policies in Jamf Now. I just had a big batch of user accounts all hit expiration and now I can't run any admin scripts on their machines without manual intervention to reset the password OR to have remote users restart the machine and reset the password for me (which obviously exposes it to them). Besides the "just upgrade to Jamf Pro" suggestion from support (at almost double the price, and me spending months rolling this out to over 100 users), are there any other simple or obvious solutions, scripts, tricks, etc. that would help alleviate the need to manually reset the admin account every XX months while still making local users keep good password hygiene?

chaz · Answer

Hey @jbarthelt,The Security profiles Jamf Now installs are deployed over the System Scope which means all local accounts on the Mac will be impacted by the password requirements set within the profile. One workaround with your current setup would be to use a different method of managing password updates via the Jamf Connect menu bar (enabled via Jamf Fundamentals). Jamf Connect would allow users to sync their local passwords to an Identity Provider if you happen to be using one. Jamf Fundamentals currently supports Okta and Azure so this may be something worth considering depending on your current situation. Here is more information on Jamf Fundamentals for reference:https://www.jamf.com/products/fundamentals-plan/ Hopefully this information helps!  ~Chaz

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded