Hidden Admin account with random password how to manage/login?

fimi
New Contributor III

Hello Everyone,

This might sound silly but how do you login do the hidden Admin account with random password on a machine on enrollment? Is the password stored somewhere or can you change the password somewhere before needing to manage the users machine? How does this tie in with FV2?

Thanks.

4 REPLIES 4

Tangentism
Contributor II

Are you not creating a local admin account at enrolment to manage secure token, etc?

bcf1a8289d4c46f88585c497eb9bbff9

maiksanftenberg
Contributor II

Did you thought about something like this: https://github.com/joshua-d-miller/macOSLAPS
https://github.com/NU-ITS/LAPSforMac
We do use the 2nd one and find it very useful.

fimi
New Contributor III

@Tangentism I'm talking about under user-initiated enrollment where you can select the option to randomize the password. For prestage enrollment you can only put a password. That is correct.

@maik.sanftenberg ah yes I remember LAPS on Windows. This might do.

francksartori
New Contributor II

You may also test EasyLAPS. I'm the author of this tool which is designed to regularly rotate the local administrator account password of a Mac and store it in a MDM like Jamf Pro or Jamf School.