Hi all,
I am currently trying to enable LAPS for our computers and after reading through documentation and watching videos on the topic, I disabled the creation of the local MDM admin account in PreStage and only enabled the UIE admin account.
New problem that arose with that: The account created by the user during setup is now an admin. But I don't want that.
Does anyone have an easy solution for that?
You can still create a local admin account in the PreStage, just dont use the same name as the UIE account, and you'll be good to go. Then just make sure that the 'Local User Account Type' in your PreStage is set to 'Standard Account', and the first account created will be a Standard user.
You can still create a local admin account in the PreStage, just dont use the same name as the UIE account, and you'll be good to go. Then just make sure that the 'Local User Account Type' in your PreStage is set to 'Standard Account', and the first account created will be a Standard user.
What about that admin's password though? The recommendation is to not use both admin account types (MDM and Binary) for LAPS and having the same admin account with the same static password on all machines eliminates the benefits/use of LAPS completely.
I dont think the password matters as much as the account name being different. Either way, LAPS will set/rotate the passwords for the accounts separately. Each system will have a different password for the accounts.
You guys can know more on Implementation on Jamf Pro LAPS by William Smith - https://youtu.be/vsD1RHF6Rlg?si=6Kz8OtX5Z3o8rhm5
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.