Jamf management account with local password policy

awells
New Contributor II

I have been going back and forth with Jamf support for a while now, and it seems that if you have a local password policy where the password is set to expire in X number of days, it will eventually break your environment, since the local password policy would be applied to your Jamf management account. That would mean after X number of days the client would become unmanageable (per Jamf support). I'm told I could push out a policy that resets the management account password on every Mac, then do a batch update of the management password in JSS. I'm not a fan of that because it means I would be deliberately breaking my environment every X number of days, not to mention that every management account would have the same password, which is a security concern. Has anyone else run into this? If so, what did you do? Any insight would be helpful.

Thanks in advance.

3 REPLIES

gachowski
Valued Contributor II

@awells

Good catch ... I need an answer or a few good ideas too!!!

C

awells
New Contributor II

Looks like I will be looking at NoMAD, seeing as Jamf support has said that any local password policy will break our environment. The idea would be to educate all users to use NoMAD to sync their passwords and rely on AD for the password policy, then remove all local password policies.

gachowski
Valued Contributor II

You could just manage the password by user with a script based on the info in this thread:

https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines

But that is kinda risky, vs what does the Jamf management account do, it's most of the work done with the binary?

C