Managed account credentials issue.

davelb20
New Contributor III

Hello

At our location we have multiple admins, and when we recon we use our individual admin Kerberos account credentials. As passwords expire, we do an inventory search for all computers, take action on results, and edit management accounts option to reset our password. This works great as long as everyone remembers to reset their password every month. But if anyone forgets their previous password, then this fails since you are required to have the previous management account password before you can do a mass password change. If you don’t remember your password you have to go into each individual inventory entry and edit the management account manually? Has anyone else seen an issue like this? I know having multiple management accounts on the computers isn't the greatest option. Has anyone found a better solution? JAMF does not have a good enough solution for this as of a month or so ago. Their only solution was to go through 100 plus entries in the JSS and manually change the managed account password, which I don’t think is very efficient.

Just wanted to poll everyone and see if they have run into this issue.

Thank you



David Bruno
Security +, RHCT, CCNA, CCA
Computer Scientist
U.S. Army Research Laboratory
Scientific Computing Branch
410-278-8929
david.bruno at us.army.mil

2 REPLIES

jarednichols
Honored Contributor

It would take some legwork, but if it were me, I'd re-QuickAdd your machines with a new generic management account. Then spin the management password with a policy from there on out to keep it secure (e.g. same management account username on all machines, but passwords all end up different). Then remove the prior admin accounts.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

bentoms
Release Candidate Programs Tester

Never seen the issue. But then always used one static account across all Macs.

Any reason why using a standard local admin account wouldn't work?
