Help

Enable root through a secure configuration profile?

winningham_2
Contributor

Posted on ‎12-20-2013 12:07 PM

I am aware of the ```
dsenableroot -u username -p userpassword -r rootpassword
``` command but I would rather not put a root account in plain text. So....

My question is, does anyone know of a way to do this within a configuration profile securely?

It may go without saying but, I would not want the profile to be broken down and expose the root password either. Perhaps I am asking too much but I thought I would ask anyway.

0 Kudos
1 REPLY 1

mm2270
Legendary Contributor III

Posted on ‎12-20-2013 12:24 PM

I'm not 100% certain, but I think if you use a script that uses Casper Suite parameters for both the username & password and run that through a policy, neither of those are revealed anywhere. Well, to clarify, it shouldn't get written to a log anywhere, like if you ran a sudo command while ssh'd into a system (root commands get recorded in the system.log)
The only thing you'll see is that a policy ran in the jamf.log and ran a script, but the passed parameters are not revealed.

Would that help?

0 Kudos