Posted on 08-14-2024 08:46 AM
Does anyone know why, when you create multiple admin accounts via a policy, it shows all the separate accounts on the one user profile in Jamf?
So, for example, if I create a managed admin account via 3 individual policies for Tom, Alex and Jane,
when I go to the Local Accounts payload for Tom, I can see Alex and Jane too (however, no home directory path).
I can also see the accounts in Directory Utility on Tom's local machine too.
Posted on 08-14-2024 08:56 AM
This is expected behaviour.
Posted on 08-14-2024 08:58 AM
Generally speaking, you just want a single privileged account and not one for each person unless you have a password rotation workflow sorted out. Basically, you are giving malicious actors multiple attack vectors for seldom-used accounts that have elevated access.
However, creating the accounts is simple. Create a Policy, add the Local Account payload, fill in the details, scope it out and deploy. Repeat this for each account you want to create. If you specify a home directory, macOS may not make one until after the user logs in (I have not verified this as I always specify the home directory).
Posted on 08-14-2024 09:00 AM
Right, OK - so there is no way for those accounts to be manipulated or edited by the other user(s)?
It would also be good to know how that policy is being distributed or why it populates on the other profiles, as the policy is not scoped to that user.