Changing Management Account via Policy w/ Package

dontmakememac
New Contributor III

Hello everyone and thank you in advance,

My environment has a local admin account we create on setup before Jamf enrollment. The Jamf Pro management account, when created, has the same name and password as local admin. As far as I'm aware, this is a bad thing.

This issue was discovered while I was trying to change the passwords for both these accounts through the appropriate payloads in a policy. When I tried to do this, I received an error in Terminal; Error: The Managed Account Password could not be changed.

To get past this, I've decided to separate the accounts. I've created a QuickAdd package with the new management account and am deploying it through a simple policy, no extra payloads. When I run the policy, it appears to install the package successfully but receives two errors while checking for patches and running recon. See the screenshot. bae592925d2d469d821f2f5184b2120a

After I've run this policy, even with the errors, I'm able to update both account passwords successfully with their own respective policies. So the initial issue is solved, but changing management account will have to happen first. Currently with these errors, I'm not confident doing this en masse.

What are these errors pertaining to? I've noticed that the computers are not updating in the Jamf correctly until after they have been restarted. For instance the policy will stay stuck on pending until after restart when it will then say completed. Is this because I'm changing the management account in such a roundabout way? and that when the computer restarts... that's the first time it's able to once again communicate with the Jamf Pro?

I'm going to have to end up doing this to 200~ computers. Just looking to flesh things out as much as possible.

Some other info on the environment-
All Mac computers
Jamf 10.4.1
Macs are on a mixture of 10.12.x and 10.13.x

Thank you

0 REPLIES 0