JAMF-LAPS

KittyGoyenk
New Contributor III

Hi Everyone,

 

I am planning to implement JAMF-LAPS (Local Administrator Password Solution).

I had a look at this:

https://github.com/red5coder/Jamf-LAPS?search=1

I just want to gather everyone's feedback on this one.

Also, I would like to seek help if anyone has implemented this before and can guide me on how to implement this approach using Jamf Pro cloud?

 

Thank you,

14 REPLIES

mm2270
Legendary Contributor III

You may want to read the Tech Thoughts article written by Bill Smith:

How to Securely Manage Local Admin Passwords with Jamf Pro and LAPS 

He outlines everything you need to know about it. The one big takeaway on it is that this can only work with Macs enrolled via ADE/DEP and the local admin account being created during the Prestage Enrollment. If the admin account is created in any other way, you cannot apply LAPS policy to it. It has to be what's known as a managed local admin account.

KittyGoyenk
New Contributor III

Thank you mm2270. I read that article.

However, sadly most of our MacBook devices are enrolled by user-initiated enrollment, so that solution will not apply to us.

With the latest JAMF version, those will be managed as well, in addition to the ADE/DEP created accounts. They apparently share the same config, but not the same mechanism of update. It's all explained in the docs.

mm2270
Legendary Contributor III

Yes, I have read about that update, which is great news! I'm glad Jamf updated their LAPS solution to handle those cases as well. It makes the new feature a lot more useful.

perryd84
Contributor III

@KittyGoyenk 

If you are still looking into JAMF LAPS, I have some tools on my GitHub which might make managing and viewing the passwords a little easier. I made a little UI to view the password and a tool to configure the settings without having to run loads of API calls yourself.

https://github.com/PezzaD84/JAMF-LAPS-UI
https://github.com/PezzaD84/JAMF-LAPS-Configurator

Also, if you don't want to use JAMF LAPS, you could check out my LAPS solution here: https://github.com/PezzaD84/macOSLAPS
You don't need anything pre-staged or user enrolled; it's just run from policies and can be pushed out to existing devices.

Left
New Contributor

Hi, I was wondering how to get your tool. I found it on GitHub and couldn't download it.

Left
New Contributor

When I ran sh I got the following feedback:
SwiftDialog is not installed. App will be installed now.....

perryd84
Contributor III

Hi @Left 

Which tool is having issues? I have noticed that the Configurator tool had the wrong URL for checking the Dialog version so it could have been that.

Are you able to reach the internet in your estate to download software? I only ask as I know some companies have these kinds of download URLs blocked, so it could be hanging on downloading Dialog because of some restriction?

Left
New Contributor

Hi friend, thanks for your reply.
I can't install both tools locally. Yes, I made sure I can download the software properly.
My internet situation is not restricted, because 5 minutes before that I downloaded the Jamf tool from GitHub.

perryd84
Contributor III

@Left I've sent you a private message to pick up these issues.

darylr
New Contributor II

Has anyone seen this? I have my "encoded API credentials" as my API client secret, and then the API roles and privileges are "view local admin password". I am probably missing something here. Thanks everyone!

Hi @darylr 

I would check the API permissions or the password that was encoded. Sometimes, if there are too many special characters or slashes, the encoding process skips these characters as it sees them as line breaks.