Managed Admin accounts Jamf

HollowNug
New Contributor

Does anyone know why, when you create multiple admin accounts via a policy, it shows all the separate accounts on the one user profile in Jamf?


So, for example, if I create a managed admin account via 3 individual policies for Tom, Alex and Jane,

when I go to the local accounts payload for Tom, I can see Alex and Jane too (however, no home directory path).

I can also see the accounts in Directory Utility on Tom's local machine too.


3 REPLIES

jamf-42
Valued Contributor II

This is expected behaviour. 

AJPinto
Honored Contributor III

Generally speaking, you just want a single privileged account and not one for each person unless you have a password rotation workflow sorted out. Basically you are giving malicious actors multiple attack vectors for seldom-used accounts that have elevated access.


However, creating the accounts is simple. Create a Policy, add the Local Account payload, fill in the details, scope it out and deploy. Repeat this for each account you want to create. If you specify a home directory, macOS may not make one until after the user logs in (I have not verified this as I always specify the home directory).

HollowNug
New Contributor

Right ok - so there is no way for those accounts to be manipulated or edited by the other user(s)? 

It would also be good to know how that policy is being distributed, or why it populates on the other profiles, as the policy is not scoped to that user.