macOSLAPS by Jamf script

Contributor III

There are a number of of LAPS scripts I've seen.

Joshua Roskos from Jamf has one here which seems to meet our needs

Theres been a couple of minor updates for Big Sur by mjgall

The bit I'm confused about is this like and what the 9 & 10 params should be.

jamfProPass=$( echo "${6}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${9}" -k "${10}" )

Any ideas?



Yes its from the jamf EncryptedStrings script. But I would not use Jamf Pro API Credentials in a Client Side script. I would look for a LAPS version that reads the password with an extension attribute.

Maybe this is something for you, it has also a "local" mode.

Good to read

New Contributor II

that not clear on the script but jamfProPass variable is using an encrypted password  depending of Params 6 - 9 - 10.

  • Param 6 : Encrypted String
  • Param 9 : Salt
  • Param 10 : Passphrase

To generate an encrypted password : 

function GenerateEncryptedString() {
local STRING="${1}"
local SALT=$(openssl rand -hex 8 )
local K=$(openssl rand -hex 12)
local ENCRYPTED=$(echo "${STRING}" | openssl enc -aes256 -a -A -S "${SALT}" -k "${K}")
echo "Encrypted String: ${ENCRYPTED}"
echo "Salt: ${SALT} | Passphrase: ${K}"
GenerateEncryptedString 'yourPasswordtoEncrypt'

This script will generate Encrypted String + Salt + Passphrase for password "yourPasswordtoEncrypt".

You just have to replace "yourPasswordtoEncrypt", and copy datas returned to your script params