Change Password for Managed Account

Hey everyone,

We want to start a cadence of changing our localadmin password and I'm torn on the best way to do it, hoping to get some insight.

Currently we have a Management Account set up in User-Initiated Enrollment. If I change the password there, I'm afraid that only new Macs that we enroll will get the new password on the localadmin account.

I've thought about creating a Policy to create an admin account and we can manage the passwords that way, then create a short-term Policy to remove the current localadmin account. However, I'm reading that creating a Policy for an admin account and enabling it for FileVault has issues with APFS.

What might be the best option to go with? Ideally I would like to go with the Policy option, since in theory we could enable it for FileVault out of the gate.


You should just be able to change the password in the policy you have now and then just flush the logs so it hits it all.

The policy I have now is just a test policy and it's not playing nice when attempting to enable FileVault for the account with APFS. There are no logs on the Management Account (User-Initiated Enrollment) to flush.