Posted on 06-21-2018 09:17 AM
Hi Everyone,
I have a remote office and someone has just left our company, we utilize Jamf with Apple's DEP. Is there a way for me to gain access to change the account password via Jamf Remote. Currently only local account available. It's a hassle and a cost to have someone ship it back, wipe, and ship back.
I attempted to use Jamf Remote and change the user's password, but fails.
Posted on 06-21-2018 09:27 AM
Lots of questions here and many variables.
first...is the machine accepting and running its policies? If it is then that lets us know that the machine is checking in and reporting back normally. You brought up that the machine only has a single local account. Is it bound to AD? If it is, you should be able to use a domain admin account, login and take control provided that mechanism is working.
If it is phoning home and running policies successfully, you should be able to write a policy using the local accounts payload to create a new local account, give it admin rights and login with that once you see the policy was successfully completed (you'd want to use startup, shutdown or recurring check triggers.)
If FileVault is involved, then we get a little messier, but if it is, I'm hoping you used an institutional recovery key or escrowed the user recovery key using Jamf Pro.
If FileVault is not involved and the machine is accepting packages for installation, another trick you could do is to use Greg Neagle's pycreateuserpkg and write an installer package that would add a user account (https://github.com/gregneagle/pycreateuserpkg)
Hopefully this gives you some food for thought. You may not be able to do any of that if the machine is not connecting properly to a network, has boot issues, or whatnot. Hopefully if nothing else, you have someone on the ground there to verify that it's turned on and if it's capable of being "jacked in" that it is connected.