Mac account rename/deletion via Jamf Pro

Chillbot500
New Contributor

Hi all

First post on here, exciting times! 

So we have a deployment process with Jamf Pro that pushes out an admin account with LAPS enabled. All good there. Except we have a Mac that has the account manually created, which is blocking LAPS from effectively working on this specific device when needed. Wondering how clean it is to either change the name on this account or delete it entirely from Jamf Pro without the need to manually intervene on the Mac?

I dare say this kind of post has occurred before so feel free to direct me there if so.

Thanks for the assistance everyone!

AJPinto
Honored Contributor III

Unfortunately, for reasons beyond my understanding, LAPS only works on accounts created during the prestage and there is no way to later push an account into LAPS. Basically, you need to reinstall macOS if you want LAPS to work for an account.

As for having Jamf delete or modify accounts (using a policy to rotate a password or change an account name), this depends on whether the account has a secure token.

  • If the account does have a secure token, you will need to use an account with a secure token to make any changes to this account. Jamf makes changes to accounts from CLI that uses a bootstrap token, which cannot modify secure token holding accounts.
  • If the account does not have a secure token, you can modify the account from CLI (i.e. Jamf policies).
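
A check that could run before a rename or delete policy, as an added example that is not part of the reply above: it reads the account's secure token status with `sysadminctl -secureTokenStatus` and reports which of the two cases applies. The function names, the result keywords, the account name `localadmin` and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a local account can be
# changed from a policy script, based on its secure token status.

# Constructed sample lines in the shape sysadminctl prints on macOS.
SAMPLE_ENABLED='2024-01-01 10:00:00.000 sysadminctl[123:456] Secure token is ENABLED for user localadmin'
SAMPLE_DISABLED='2024-01-01 10:00:00.000 sysadminctl[123:456] Secure token is DISABLED for user localadmin'

# Classify the text printed by `sysadminctl -secureTokenStatus <user>`.
classify_token_status() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo "token" ;;
        *"Secure token is DISABLED"*) echo "no-token" ;;
        *)                            echo "unknown" ;;
    esac
}

# Map the classification onto the two cases described in the reply:
#   token    -> changes must be made by another secure token holder
#   no-token -> the account can be modified from the CLI (a policy script)
policy_action() {
    case "$(classify_token_status "$1")" in
        token)    echo "needs-token-holder" ;;
        no-token) echo "cli-ok" ;;
        *)        echo "manual-check" ;;
    esac
}

# Run the real check on a Mac. sysadminctl writes the status line to stderr,
# so stderr is merged into the captured output.
check_account() {
    user="$1"
    if ! command -v sysadminctl >/dev/null 2>&1; then
        echo "manual-check"
        return 0
    fi
    out="$(sysadminctl -secureTokenStatus "$user" 2>&1 || true)"
    policy_action "$out"
}

# When called with an account name, report the result for that account.
if [ -n "${1:-}" ]; then
    check_account "$1"
fi
```

Anything other than a clear ENABLED or DISABLED line, such as an unknown user, is reported as `manual-check` rather than treated as safe to modify.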

Chillbot500
New Contributor

Yes, I think you're spot on with this. Have tried all I can think of to refresh the LAPS on this rogue machine without success. Workarounds found. Thanks for the reply.