Hey all.
getting ready to move LAPS into our system. what are the best steps to incorporate with already managed macs?
Question
LAPS for macs
+17
+13Are you going to use Jamf's built in LAPS? Its easy to set up, just have to understand how and what you might be using the local admin account for (if anything). Read up on some of their documentation
+13Identify whether you intend to use MDM LAPS or JAMF Framework LAPS or both . Ensure that the managed user account is not the same on UIE and Prestage Enrollment.
+13LAPS will be enabled only on the New Enrollment, JAMF LAPS can't be enabled for the device which is already Enrolled
+9I will be delving into this in our environment in the next few weeks, so I don't have experience to share yet. But I'm sharing some resources that I will be referring to:
There was a good talk at JNUC: Break Glass: How To Securely Administer Computers Using Jamf Pro LAPS. If you were there you can access it now; otherwise I believe it will be available for everyone next month: https://events.jnuc.jamf.com/widget/jamf/jnuc2024/sessioncatalog24/session/1714231330197001Zx7Y . I recommend that you watch this, they explain very well the differences between MDM LAPS and Jamf Framework LAPS, and depending on your situation one is likely better than the other.
You also might want to take a look at this, it might be possible for you to enable LAPS on machines that are already enrolled: https://gist.github.com/talkingmoose/9f4638932df28c4bebde5dd47be1812a
+4I did this a few months ago. The biggest takeaway is that if you currently use the extension attribute to do LAPS, back them up. The other really big take away is communication/document/training. It went really smoothly b/c I did these.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.