Posted on 10-15-2024 07:02 AM
Hey all.
Getting ready to move LAPS into our system. What are the best steps to incorporate with already managed Macs?
Posted on 10-15-2024 08:17 AM
Are you going to use Jamf's built-in LAPS? It's easy to set up, just have to understand how and what you might be using the local admin account for (if anything). Read up on some of their documentation.
Posted on 10-15-2024 10:03 AM
Identify whether you intend to use MDM LAPS or JAMF Framework LAPS or both. Ensure that the managed user account is not the same on UIE and Prestage Enrollment.
Posted on 10-16-2024 09:08 AM
LAPS will be enabled only on new enrollment; JAMF LAPS can't be enabled for a device which is already enrolled.
Posted on 10-16-2024 01:39 PM
I will be delving into this in our environment in the next few weeks, so I don't have experience to share yet. But I'm sharing some resources that I will be referring to:
There was a good talk at JNUC: Break Glass: How To Securely Administer Computers Using Jamf Pro LAPS. If you were there you can access it now; otherwise I believe it will be available for everyone next month: https://events.jnuc.jamf.com/widget/jamf/jnuc2024/sessioncatalog24/session/1714231330197001Zx7Y. I recommend that you watch this; they explain very well the differences between MDM LAPS and Jamf Framework LAPS, and depending on your situation one is likely better than the other.
You also might want to take a look at this; it might be possible for you to enable LAPS on machines that are already enrolled: https://gist.github.com/talkingmoose/9f4638932df28c4bebde5dd47be1812a
Posted on 10-17-2024 03:11 PM
I did this a few months ago. The biggest takeaway is that if you currently use the extension attribute to do LAPS, back them up. The other really big takeaway is communication/document/training. It went really smoothly b/c I did these.