Admin Account Best Practice

forrest99
New Contributor III

I am fairly new to Jamf and inherited a system that someone else set up. I am looking for guidance with regards to Local Admin accounts.

We have one account that is set up in Global > User-initiated enrollment > macOS. This works fine on enrollment.

However, there is a second Local Admin account that is created by a Policy that runs at enrollment, startup and check-in.

To me this seems like overkill, but to make sure I wanted to get some insights from the community.

Do we need two Local Admin accounts? Would the first one be sufficient? What are the advantages and disadvantages of having two?

Thanks.

1 ACCEPTED SOLUTION

junjishimazaki
Valued Contributor

Like I stated, I would find out what the second admin account is used for. If the second account doesn't really serve any kind of purpose, then there is no need for that second admin account. 

View solution in original post

5 REPLIES 5

junjishimazaki
Valued Contributor

Since this is your environment. I think the question to start with is why is the second local admin account created. What purpose does that second account serve?

forrest99
New Contributor III

@junjishimazaki These are good questions and echo my own. As I said in the question, I inherited this setup and my goal is to bring it up to best practices standards. If one local admin account is all that is needed I don't have any objection to removing the second one.

junjishimazaki
Valued Contributor

Like I stated, I would find out what the second admin account is used for. If the second account doesn't really serve any kind of purpose, then there is no need for that second admin account. 

forrest99
New Contributor III

That is what I needed to know. Thank you.

junjishimazaki
Valued Contributor

You're welcome