How do you handle local administrator accounts in Jamf Now?

jbarthelt
New Contributor

I'm frustrated and ashamed to have recently found out that there's currently no way to exclude a dedicated administrator account from password expiration policies in Jamf Now. I just had a big batch of user accounts all hit expiration and now I can't run any admin scripts on their machines without manual intervention to reset the password OR to have remote users restart the machine and reset the password for me (which obviously exposes it to them). Besides the "just upgrade to Jamf Pro" suggestion from support (at almost double the price, and me spending months rolling this out to over 100 users), are there any other simple or obvious solutions, scripts, tricks, etc. that would help alleviate the need to manually reset the admin account every XX months while still making local users keep good password hygiene? 

 

2 REPLIES 2

chaz
New Contributor III
New Contributor III

Hey @jbarthelt,

The Security profiles Jamf Now installs are deployed over the System Scope which means all local accounts on the Mac will be impacted by the password requirements set within the profile. 

One workaround with your current setup would be to use a different method of managing password updates via the Jamf Connect menu bar (enabled via Jamf Fundamentals). Jamf Connect would allow users to sync their local passwords to an Identity Provider if you happen to be using one. Jamf Fundamentals currently supports Okta and Azure so this may be something worth considering depending on your current situation. Here is more information on Jamf Fundamentals for reference:

https://www.jamf.com/products/fundamentals-plan/

 

Hopefully this information helps! 

 

~Chaz

jbarthelt
New Contributor

No identity provider in use and no one with experience enough to manage one at this point.  Good thought though, I like that.