Best way to change the management account ?

Contributor II


Today we use the main admin account as the management account.
This account has a unique password.
We would like to change the Jamf Pro management account (with random password) so that we can later put a random password on our main admin account.

We have computers ranging from macOS 10.11 to Big sur (with a majority of 10.15).
Our users are not administrators of their workstation.

We are using Jamf Pro Cloud 10.26 and are not using DEP yet.

Could you please tell me the best method to do this?

Thank you for your help


Contributor II


Contributor II

I am working through this exact same scenario.

Let's call your two admin accounts "old_account" and "new_account."

Create a smart group with criteria "managed by old_account" and "does not have local account new_account."

Create a policy to run on that smart group once per computer to create new local admin account "new_account" with a temporary password, and then updates inventory (run recon).

Create another smart group with criteria "managed by old_account" and has local user "new_account."

Manually run Action > Edit Management on that group to select "new_account" with the temp password.

Create another smart group with criteria "managed by new_account."

Create a policy on that final group to run Management Action > Reset Password and select your randomization options.


If anyone knows of any means to automate the edit management account step, such as an API call, I'm definitely interested.

Contributor II

Thank you for your help @pete_c We will do some tests and see what can be done by trying to keep it as simple as possible.