We're under a directive to change all our local admin passwords. I've come to the painful conclusion that I cannot change the FileVault2 password for the admin user without getting hands-on each and every computer. I ran it by my boss and he approves of creating a NEW admin account with a different name and home folder and adding that user to FV2. I discovered that JSS has an option to create a new local account as an admin and enable them in FileVault with a single policy!
I created a policy, filled out all the fields, and applied it to one Mac running Yosemite, but I keep getting:
Error adding user to FileVault: Added users failed error
I looked in the system.log on the test computer and it only says:
3/18/16 2:05:17.245 PM Self Service[839]: [ERROR] -[InstallerQueueProcessBinder finishProcess] (line:190)
--> Policy NewAdminAcct failed with: Error Domain=JAMFSoftware/SelfService Code=30 "The operation couldn’t be completed. (JAMFSoftware/SelfService error 30.)"
It did get so far as to create the account and the home folder in /Users/, BUT it did not make the user an admin, even though that box is checked in the policy, and it did not enable it in FileVault. Is this functionality broken in JSS? My ultimate plan would be to create a new admin user enabled in FV2, then delete the old admin account.
If someone can tell me how to change the admin password at the same time as their FV2 password via a method I can push through Casper, that would be even better.