Posted on 03-15-2018 03:55 PM
Hey everyone,
We want to start a cadence of changing our localadmin password and I'm torn on the best way to do it, hoping to get some insight.
Currently we have a Management Account set up in User-Initiated Enrollment; if I change the password there, I'm afraid that only new Macs that we enroll will get the new password on the localadmin account.
I've thought about creating a Policy to create an admin account so we can manage the passwords that way, then creating a short-term Policy to remove the current localadmin account. However, I'm reading that creating a Policy for an admin account and enabling it for FileVault has issues with APFS.
What might be the best option to go? Ideally I would like to go with the Policy option since in theory we could enable it for FileVault out of the gate.
Posted on 03-16-2018 07:09 AM
You should just be able to change the password in the policy you have now and then just flush the logs so it hits it all.
Posted on 03-16-2018 09:03 AM
The policy I have now is just a test policy and it's not playing nice when attempting to enable FileVault for the account with APFS. There are no logs on the Management Account (user-initiated enrollment) to flush.