If the computer is filevault encrypted and has been rebooted then you can't because it needs to be unencrypted to get online.
Otherwise you could push a temporary account and later remove it using the local accounts provision
To avoid the filevault issue I pushed "rescue" accounts with randomized unique passwords to every computer when everyone went remote.
@emilshouse
Everything is automated, there is a setup, and three policies:
SETUP:
A policy installs pass_phrase.py and 3 .txt files to that are random word lists. I put it into /Library/Application Support/COMPANYNAME/passphrase
https://github.com/theadamcraig/jamf-scripts/blob/master/pass_phrase.py
There are two extension attributes. One as a text, and the other to read a local file incase the script doesn't use the API successfully. I've included screenshots of both of those.
There is are 3 policies:
One creates the account with a temp password and changes the password. It is scoped to all computers with no rescue account on them.
One changes the password. It is scoped to computers where both extension attributes are blank.
One grabs the password from the -local file and uploads it using the API and deletes it. It is scoped to computers where the RescuePassword-Local is not blank, but the RescuePassword is blank.
This also means that once the RescuePassword is used you can delete the text extension attribute and the password will reset itself.
Here are the other two scripts:
https://github.com/theadamcraig/jamf-scripts/blob/master/rescue_account_cleanup
https://github.com/theadamcraig/jamf-scripts/blob/master/Rescue_Account_Password_Change
My Disclaimer: I did not write most of these scripts. I did some major changes to the Rescue Account Password Change scripts, but i linked the github where I found the original script in the comments of it on github.
That's a good overview of how it works. Since my entire company is remote it's been pretty successful.
