- Jamf Nation Community
- Products
- Jamf Pro
- Change Password for Filevault-Enabled Management A...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-18-2023 06:58 AM
I'd love to be able to have a script to update the password for our local admin account on all devices. I know some people here were able to get this working, but that thread is a few OSes old and I assume based on the age that it's no longer applicable.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-18-2023 03:26 PM
I'm pretty sure @AJPinto is correct.
Have you looked into using LAPS? Jamf has a built in solution for management accounts (https://learn.jamf.com/bundle/technical-paper-laps-current/page/Local_Administrator_Password_Solutio... ). There are also 3rd party implementations such as PezzaD84/macOSLAPS.
These are not quite what you're asking as they would require either making a new account or using an existing management account. Still, it might be your best option.
Reply
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-18-2023 09:05 AM
This is not possible anymore as far as I am aware. FileVault generates a Secure Token, and you need a secure token to rotate the password of an account with a Secure Token.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-18-2023 03:26 PM
I'm pretty sure @AJPinto is correct.
Have you looked into using LAPS? Jamf has a built in solution for management accounts (https://learn.jamf.com/bundle/technical-paper-laps-current/page/Local_Administrator_Password_Solutio... ). There are also 3rd party implementations such as PezzaD84/macOSLAPS.
These are not quite what you're asking as they would require either making a new account or using an existing management account. Still, it might be your best option.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-19-2023 05:37 AM
We use LAPS on our Windows machines, and I never even considered there'd be a similar implementation for MacOS.
Honestly, that second one, with the self-service options, looks great for what we need. We already have a local admin on each device, it's just a matter of setting it up with that account from the sounds of it. Thanks for the links!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-19-2023 06:56 AM
Glad to help. There was a great talk at JNUC on it this year. I don't think the video is on youtube yet, but it should be soon-ish.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-31-2023 04:04 PM
Hello,
@TrentO Thanks for sharing! This is looking great indeed.
I need a sanity check for PezzaD84/macOSLAPS solution. This needs to have LAPS enabled in the Jamf Pro API first correct?
Thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-31-2023 04:18 PM
No actually. This is a completely separate LAPS implementation and only relies on Jamf to deploy the policies.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-31-2023 04:31 PM
@TrentO Thanks so much for confirming! Really appreciate it.
I'll be testing on a couple laptops first then :)
