Posted on 01-18-2017 03:51 PM
Our teachers use AD to log into their macbooks. After their first login we make them local administrators of the macbook. Is there a way we can block them from seeing the wifi passwords that are stored in keychain access?
Posted on 01-18-2017 09:09 PM
Not if they are an admin. But you could look at using RADIUS/802.1x and making the teachers login with their AD credentials or use certificate based authentication and use the computers AD credentials.
That way the credentials are unique to each person or Mac and can be revoked if need be.