I have been going back and forth with Jamf support for a while now and it seems that if you have a local password policy where the password is set to expire in X number of days that it will eventually break your environment since the local password policy would be applied to your Jamf management account. That would mean after X number of days the client would become unmanageable(per Jamf support). I'm told I could push out a policy that resets the management account password on every mac then do a batch update of the management password in JSS. I'm not a fan of that because it means I would be deliberately breaking my environment every X number of days, not to mention that every management account would have the same password which is a security concern. Has anyone else run into this? If so what did you do? Any insight would be helpful.
Thanks in advance.
Looks like I will be looking at NoMAD seeing as Jamf support has said that any local password policy will break our environment. The Idea would be to educate all users to use NoMAD to sync their passwords and rely on AD for the password policy, then remove all local password policies.
You could just manage the password by user with a script based on the info in this thread
But that is kinda risky, vs what does thee jamf management account do, it's most of the work done with the binary?