Jamf Nation Community

That'd be the best thing to do if they aren't already Casper managed. If
they had some previous management like ARD, it's easy to roll out the
quickadd, otherwise you'll need to just take a USB drive around with you.

We have the hidden account casper uses, and then another account that can be
used locally to log in/out and for FEU/FUT's.

John

Thanks.. but these machines are all already being managed.. we just want to manage all current with the same account.

This assumes you are not using randomly generated passwords...

Oh...I am not responsible for someone using this...

If you already have management capability on these systems, you can create accounts easily enough using Casper Remote or a policy. Create the accounts on the systems with the password you desire. I would NOT do the rest of what’s in this email until you know all of these systems have your new account present.

You could then go into mysql and update the necessary fields to change your management account in mass. Highly recommend you make a database backup before doing this.

First go into your web interface and either set or find a machine that already has the desired ssh account on it and get it's JSS Computer ID in the details view of the inventory.

- ssh into your JSS
- sudo mysql
- use jamfsoftware;
- select * from ssh_accounts where computer_id = <id>;
- Copy the text that's in your password_encrypted field
- update ssh_accounts set username='<username>', encrypted_password='<copied field text>’;

You should then be able to validate it worked on a bunch of systems that had a different account previously, by going into Casper Remote, selecting those systems and pressing go to just enforce management framework.

The last thing you could do is use Casper Remote on the Accounts tab to DELETE those old accounts permanently.

Perhaps there is an easier way, but I’m not aware of it. =)

Once you have all the systems with the same account it’s nice if you ever want to change it in your entire environment with Casper Remote or a policy.

If things go sour...restore your database from backup.

Craig E

I use instaDMG to create a pristine OS image, then toss that in Casper Admin and compile it with all my base apps, and deploy it out via asr scripts. I then have a post image script that creates local user accounts. This is all easily done from scripts or even from the web front end of the JSS. You can create policy to create accounts. The Quickadd.pkg will also work as well. I have used all those methods in the past.

However, I have run into some snags and only try to do major account and password changes over the summer when we reimage everything.

-Tom

See, there’s just so many things in this system now...=)

I’ve been reminded that there is Mass Edit capability for SSH Username and Password right in the web interface if you’re not comfortable dealing in mysql.

You could get a group of systems in a smart group that have your particular old username with Local User Accounts, and still create the new user account on that system with a policy then use the web tool to edit the information in the database.

At least on the version I’m on (7.21) go under Settings -> Edit SSH Accounts

I wasn’t told my way was wrong though. ;) Backups...do them before you do this stuff! It takes but a few minutes...well for most of us with less than a few thousand systems.

Craig E