Change Management Account Password

sgoetz
Contributor

Hey All

I have to change our management account password and I am not entirely sure of the correct process. This is what I think needs to happen, but I want to verify before I break anything.

1) Create a policy with management account option -> Specify new password -> Scoped to all machines
2) Advanced Search -> All machines -> Action -> Edit the Management Account Information

Let me know if I'm missing something here.

Thank you!

Shawn

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

@sgoetz You only need option 1 really. I would not use Option 2 because all that does is change the management account password stored in the database for all selected machines. It's not reaching out to the Macs in the selection and changing them there. The local management account on each Mac still needs to get its password revolved to the new one or they won't match, which the policy in option #1 will take care of.

If you do #2, you'd have issues using Casper Remote to push commands or packages to them, if that's something you use.


10 REPLIES

sgoetz
Contributor

Thank you @mm2270. So will option 1 update the DB so JAMF knows the new password?

mm2270
Legendary Contributor III

Yes, once the policy runs successfully on each Mac, it will perform an update against the database to let it know what the new password is now. So, everything should be in sync.

sgoetz
Contributor

@mm2270 awesome thank you!!

sgoetz
Contributor

@mm2270 So it seems that running the policy to update Management Account does not update the account information for imaging. I haven't tested URL enrollment yet. But I'm guessing I need to manually update the Images Management Account for all Images, and URL enrollment.

mm2270
Legendary Contributor III

Hi @sgoetz Sorry, I'm a little confused. What exactly do you mean by the account information for imaging? Do you mean the account that your NetBoot or Casper Imaging setup uses when it creates the management account on each Mac? Just not sure what it is you mean by that.

sgoetz
Contributor

Hey @mm2270 So when you build a configuration to image with, there is a tab for Management Account. I just did a test image, and it set our Management Account to the old password instead of the new one. So that's why I think I need to go through all of our Image Configurations and update that Tab manually.

mm2270
Legendary Contributor III

Yes, that is correct. That account password is stored hardcoded into the configuration. The process we discussed above is a policy aimed at existing set up computers, not the imaging setup. The former cannot affect the latter. So you will need to update your CI imaging configuration(s) to use the new password.

Sorry that wasn't clear, but I thought that was a known thing. They are two separate items.

sgoetz
Contributor

Hey @mm2270

No worries. This is actually the first time I've ever gone through this process so it's all new to me!!

Thank you for all your help on this!!

Shawn

acaveny
New Contributor III

Hi,

I know this is an older thread, but I'm having the same issue. A management account password was set in the JSS by a previous employee, and it was not documented. Furthermore, we found that the policy for this is set to an Ongoing Execution Frequency with a Recurring Check-in. So machines are getting hammered away by this policy over and over again at every checkin.

My question is what did you set your Triggers and Execution Frequencies at in order to ensure everything got migrated to the new password? My gut is saying set the Trigger to "Login" and the Frequency to once a week. Just wondering if there's a best practice out there for this.

Thanks!