We are looking for a LAPS implementation for our macOS fleet. We utilize Jamf Pro and Jamf Connect.
Our MacBooks are bound to Jamf Connect.
I had a look at macOSLAPS; however, this solution requires AD integration.
Is there another reliable LAPS solution that doesn't need AD integration?
We do have an Intune subscription (but we only use that for our Windows devices).
Technically, if your users are local admins, you don't need a secondary admin account, which will make the device more secure; plus there is more overhead because you would want to make the LAPS admin account with secure token access. Just my 2 cents...
Sorry, I need to change my notification settings so I can reply quicker.
What happens when you have a FileVault issue? Or the user's password doesn't work with FileVault even though it should, especially after a recent password reset, and it doesn't sync properly. The LAPS account, although an admin, won't be able to unlock FileVault, and it's a headache to manage to make sure it can be SecureToken-granted.
We are moving away from this scenario. As long as the primary account of the device is an admin with a SecureToken or FileVault access, and you have the FileVault key escrowed in Jamf, you don't need the LAPS account. If anything should happen, you can provide the user with the FileVault key to log into Recovery and their local password.
True, we used to have all our accounts as admin and there wasn't a need to have an "IT localadmin" account at all, because we were counting on using the FV recovery key to reset the end user accounts' password. But recently we're trying to change this scenario; the plan is to demote our accounts to standard and have a localadmin account "without having a secure token" with a LAPS solution in place to make it more secure.
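Added example (my own, not code from any poster in this thread): a POSIX shell audit that checks the account layout the last two replies describe, i.e. the primary user holds a SecureToken and is a standard user, while the local admin account used for LAPS is an admin but has no SecureToken. It assumes the output formats of `sysadminctl -secureTokenStatus` ("Secure token is ENABLED for user NAME", printed on stderr) and `dseditgroup -o checkmember -m NAME admin` ("yes NAME is a member of admin"); the account names and the lines fed to `demo` are constructed samples standing in for the live commands.

```shell
#!/bin/sh
# Audit helper (added example, not from the thread).
# Assumed formats:
#   sysadminctl -secureTokenStatus NAME  -> "...sysadminctl[PID:TID] Secure token is ENABLED|DISABLED for user NAME" (stderr)
#   dseditgroup -o checkmember -m NAME admin -> "yes NAME is a member of admin" / "no NAME is NOT a member of admin"

# Parse one sysadminctl status line into ENABLED / DISABLED / UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Parse dseditgroup checkmember output into yes / no / unknown.
admin_state() {
    case "$1" in
        yes*) echo yes ;;
        no*)  echo no ;;
        *)    echo unknown ;;
    esac
}

# Compare one account with the expected layout; prints OK or FINDING,
# returns 0 on match and 1 on mismatch.
# $1 user, $2 admin (yes/no), $3 token state, $4 expected admin, $5 expected token
evaluate() {
    user=$1; admin=$2; token=$3; want_admin=$4; want_token=$5
    if [ "$admin" = "$want_admin" ] && [ "$token" = "$want_token" ]; then
        echo "OK: $user admin=$admin token=$token"
        return 0
    fi
    echo "FINDING: $user admin=$admin (want $want_admin) token=$token (want $want_token)"
    return 1
}

# Live collection on a Mac; not used by the constructed demo below.
live_token_state() { token_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)"; }
live_admin_state() { admin_state "$(dseditgroup -o checkmember -m "$1" admin 2>&1)"; }

# Constructed sample output for a primary user "jdoe" (standard, token holder)
# and a LAPS account "localadmin" (admin, no token). Returns non-zero if any
# account deviates from that layout.
demo() {
    primary_token=$(token_state "2024-01-01 10:00:00.000 sysadminctl[812:9911] Secure token is ENABLED for user jdoe")
    primary_admin=$(admin_state "no jdoe is NOT a member of admin")
    laps_token=$(token_state "2024-01-01 10:00:01.000 sysadminctl[813:9912] Secure token is DISABLED for user localadmin")
    laps_admin=$(admin_state "yes localadmin is a member of admin")
    rc=0
    evaluate jdoe "$primary_admin" "$primary_token" no ENABLED || rc=1
    evaluate localadmin "$laps_admin" "$laps_token" yes DISABLED || rc=1
    return $rc
}

demo
```

To run it on real machines, swap the constructed lines in `demo` for `live_token_state` / `live_admin_state` calls for each local account and wrap the combined OK/FINDING text in `<result>` tags so Jamf Pro can collect it as an extension attribute; a FINDING for the LAPS account then flags a device where the tokenless-admin design has drifted.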