Management Account and QuickAdd problems

seanhansell
Contributor

We use a dedicated management account in our environment, "casper". This account is present on every computer. We do not currently randomize the password. Occasionally machines will become managed by another account and I will need to repoint them to the "casper" account.

This used to be achieved by running the command "sudo jamf recon -sshUsername casper -sshPassword <password>". At some point this command became obsolete. At the very least it no longer achieves the desired goal of changing the management account.

We then achieved this by deploying a QuickAdd.pkg with the correct account settings. This no longer works because it seems the current crop of QuickAdd.pkg is single-use only.

How can I remanage my computers with the correct account without having the task be a manual process?

- Sean
1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

QuickAdd's generated on the JSS for self enrollment are one time use, but not so with something created from Recon.app. Make your QuickAdd.pkg in Recon.app with the proper settings and you should be able to install it via policy on any Macs that need it.

Just curious though, how are you detecting the proper set of Macs that need to be repointed to your "casper" account?

View solution in original post

4 REPLIES 4

mm2270
Legendary Contributor III

QuickAdd's generated on the JSS for self enrollment are one time use, but not so with something created from Recon.app. Make your QuickAdd.pkg in Recon.app with the proper settings and you should be able to install it via policy on any Macs that need it.

Just curious though, how are you detecting the proper set of Macs that need to be repointed to your "casper" account?

seanhansell
Contributor

Extension Attribute:

#!/bin/sh

apiURL="https://casper.company.com:8443/JSSResource/computers/macaddress/"
apiUser="apiusername"
apiPass="apipassword"
MacAdd=$(networksetup -getmacaddress en0 | awk '{ print $3 }' | sed 's/:/./g')

ManAccount=$(curl -s -u $apiUser:$apiPass $apiURL$MacAdd | xpath /computer/general/remote_management/management_username[1] | sed 's/<management_username>//;s/</management_username>//')

echo "<result>$ManAccount</result>"

- Sean

seanhansell
Contributor

Using a Recon-created QuickAdd package did the trick! Thank you!

- Sean

mm2270
Legendary Contributor III

Ah, I see, you're using the Extension Attribute that I posted to Ben Toms' thread. :-) I had a feeling it was something like that.