Posted on 04-06-2016 11:05 AM
Hi Everyone.
We are currently using local accounts on our Mac machines and enforcing a password policy via config profiles.
We have a problem as we also have a local admin user account on the machines and they are subject to the password policy too.
Is there any way to exclude the local admin account from the policy?
Thanks
Liam
Posted on 03-20-2017 08:43 AM
Hi Liam,
I have just run into the same issue at our company, where we want/need to exclude an administrative account on the Mac from the password policy. Did you happen to find a solution for your problem?
Thank you in advance,
Jens
Posted on 05-04-2017 03:11 PM
We're running into a similar issue both with our localadmin account trying to run it and if the computer sits idle at the login screen through the root account. We only want it to run for a user account and not for any others. When I exclude it the policy won't run because it's been told to not run on any computers with "root" or "localadmin".
Posted on 05-16-2017 02:31 PM
Yes, I would like to exclude a particular hidden admin account from our restriction configuration profile. Is it possible?
Posted on 05-16-2017 03:05 PM
I looked into this a few years ago and was told that the only local user that you could scope "user level" configuration profiles to was the MDM capable user. My understanding at the time was that you could scope a profile to that user, but you couldn't use it as an exception (because this would be like scoping it to multiple users).
Like I said, this was a few years ago, I don't know if things have changed since then or not.
Posted on 07-23-2018 02:53 AM
We have this same issue. Is there still no fix??
Posted on 10-22-2018 02:51 PM
Same - any solution anyone is aware of?
Posted on 04-30-2021 10:47 AM
Hi guys,
Any solution to use a Computer Level config profile and exclude some local users from this CP?
I've tested with User Level and it worked, but some machines have 2 or more local users (shared computer), so only 1 user at a time can be MDM Capable and consequently receive the profile. When the first user logs off, for example, the second user can log in and needs to become MDM capable (using -userLevelMdm or enrolling again) to receive the config profile for Passcode. Is there any way to force 2 or more local users to be listed in MDM Capable Users? I think using User Level in this scenario is not the best approach.