Posted on 07-23-2024 10:53 AM
Hi all, how would I change the password of the managed devices inside of Jamf? I know how to instruct them to change it from their end, but I'm not sure how to change it from our end. How would I do this?
Posted on 07-23-2024 10:57 AM
MDM is Mobile Device Management; Apple does not want you managing user accounts with MDM.
Account management is done one of two ways:
Posted on 07-23-2024 11:16 AM
OK, so that is not an option when using Jamf to change/control users' passwords from our end? I figure that makes sense especially because of security/privacy concerns. Is this the cause? Basically just to protect user info and confidentiality. @AJPinto
Posted on 07-23-2024 01:27 PM
The Jamf Pro console can reset a user's password with a policy, providing the user does not have a secure token. Due to FileVault most all users should have secure tokens.
"I figure that makes sense especially because of security/privacy concerns. Is this the cause?"
Generally speaking, yes. Apple is attempting to secure and protect user accounts, and their data. Apple relegates identity management such as password resets to:
Posted on 07-24-2024 06:10 AM
@AJPinto Thank you for explaining this. I actually opened up a ticket since I did not know this. Jamf was trying to walk me through changing the password, but it wasn't for the user's password. It was for the Administrator account that is created during enrollment. So for "Security" reasons I attempted to change the password on that one and failed.
But the funny thing is that yesterday I actually tried to change the admin account password and I was getting failures on the password change. I pushed a secondary temp admin account to achieve this. The temp account worked to delete and modify other accounts, but was not able to do anything to the Admin account, not even delete it.
Posted on 07-24-2024 06:41 AM
Check to see if the accounts you are having failures with have Secure Tokens, and if the accounts you are successful with don't have Secure Tokens.
The function of Secure Tokens is to disempower root. Accounts that have Secure Tokens cannot be modified with root-level permissions. Everything Jamf does from the CLI is done with root-level access, which cannot modify Secure Token accounts, as that would give a malicious actor a path to get a Secure Token with just root access, which is what Apple is trying to prevent.
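Added example, not part of any post in this thread: one way to run the check suggested above on a Mac, listing each local account with its Secure Token status. It relies on the macOS tools `dscl` and `sysadminctl -secureTokenStatus`; the function names and the wording of the last column are assumptions made for this example.

```shell
#!/bin/bash
# Report Secure Token status for local macOS accounts (added example).
# sysadminctl writes a line such as this constructed sample to stderr:
#   sysadminctl[123:456] Secure token is ENABLED for user admin

# Classify one sysadminctl status line as ENABLED, DISABLED or UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo "ENABLED" ;;
        *"Secure token is DISABLED"*) echo "DISABLED" ;;
        *)                            echo "UNKNOWN" ;;
    esac
}

# What the thread says to expect from a root-run (policy/CLI) change.
root_change_expectation() {
    case "$1" in
        ENABLED)  echo "root-level change expected to fail" ;;
        DISABLED) echo "root-level reset possible" ;;
        *)        echo "status unclear, check manually" ;;
    esac
}

report_secure_tokens() {
    # Exit quietly on systems without the macOS tooling.
    command -v sysadminctl >/dev/null 2>&1 || {
        echo "sysadminctl not found; run this on macOS" >&2
        return 0
    }
    dscl . -list /Users | while read -r user; do
        # Skip system service accounts; keep admin and hidden local users.
        case "$user" in _*|root|daemon|nobody) continue ;; esac
        out=$(sysadminctl -secureTokenStatus "$user" 2>&1)
        state=$(token_state "$out")
        printf '%-20s %-9s %s\n' "$user" "$state" \
            "$(root_change_expectation "$state")"
    done
}

report_secure_tokens
```

Comparing the accounts where changes failed against the ones where they succeeded shows whether the Secure Token is the difference.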
Posted on 07-24-2024 11:35 AM
The accounts do have a secure token. So, how can I change the password, which I don't know, of an account that has a secure token? In this case it's the admin account.