Skip to main content

Hi,

I need some suggestion for local account creation using Jamf Connect Prestage. I am using Azure SSO part for account creation. Now all the local accounts are created with Admin privileges. I am planing to bring admin restriction in place. No one get admin rights from the beginning. I am using below Jamf Connect Config profile to create local account. I need some suggestion to make changes here, by default users creation should be without admin privileges.

-----------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CreateJamfConnectPassword</key>
<true/>
<key>EnableFDE</key>
<true/>
<key>LAPSUser</key>
<string>admin</string>
<key>OIDCAdmin</key>
<string>Admin</string>
<key>OIDCAdminAttribute</key>
<string>roles</string>
<key>OIDCClientID</key>
<string>****************</string>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>Azure</string>
<key>OIDCROPGID</key>
<string>***************</string>
<key>ScriptPath</key>
<string>/usr/local/jamf/bin/*****.sh</string>
</dict>
</plist>

--------------------

Please leave your commands.

So in the 'login' configuration profile there is a key to determine whether you create the users as an admin or not from the start 

<key>CreateAdminUser</key> <false/>

If you use either the Jamf Connect Configuration app or when creating a config profile in Jamf select Application & Custom Settings > Jamf Applications you can just configure all these options in the GUI and have the plist/keys written out for you automatically (if you're not already). See the attached screenshots for examples. 

 

Hope that helps. 

Hi r0blee 

Thanks for your input, so we can create the config profile based from Jamf console itself? because during the time of on-board i was suppose create the Config profile using Jamf Connect Configuration App. So i can't remember the steps now. Let me try and see, if incase i need any doubt i will post here. 

 

Hi r0blee 

Thanks for your input, so we can create the config profile based from Jamf console itself? because during the time of on-board i was suppose create the Config profile using Jamf Connect Configuration App. So i can't remember the steps now. Let me try and see, if incase i need any doubt i will post here. 

 


You can do it either way (Jamf console or Jamf Connect Configuration app and then upload the config profile generated. 

Something to consider though is that when you do it via the Jamf Console when you select a higher version of Jamf Connect it clears the settings you have already set in that window, so I normally create a new profile along side my existing one so I can see the settings side by side. 

If you do it via the Configurator app then it won’t know about new features in Jamf Connect automatically like Jamf Pro does so you’ll need to make sure to download a new version of Jamf Connect that contains the new Configurator tool each time. 

Terms & ConditionsCookie settingsAccessibility statement