Management account and random password for management accounts to improve security

laura_perez
New Contributor II

Hi!

I have a couple of doubts regarding administration accounts in Jamf:

  • For what I know, there is a "JSSadmin" account that is created with each enrollment. Is that correct?

  • We would like to add an admin account for all the computers restricted to the IT team, so we can enter any of them to give support. On the other hand, we don't want to use a single password for them as this would be a security issue. Is there any way to randomize this password but that we can check it from Jamf so we can access the different computers every time? Any ideas about this? Tips about how you proceed in your environment?

About the first question and regarding the second one, do you use JSSAdmin for admin tasks, or do you create a new one and keep JSSadmin as "invisible" account?

It would be great to have your inputs about this topic. Thanks in advance!

3 REPLIES 3

benducklow
Contributor III

Great post. Yeah, there's a management account that you identify when a machine gets enrolled... I know there are a few home-grown solutions out in the interwebs to accomplish this, but having something supported or built into the product would be great. We cycle that mgmt account password frequently in our environment for those same security concerns. Would love to hear from others as to what they are doing..

ThijsX
Valued Contributor
Valued Contributor

+1 love to hear other solutions, we currently use the JSS management account as troubleshoot account and its not hidden.

Our goal is to have;
- Hidden management account with randomized password.
- Hidden support account with a randomized password that can pulled out of something.

Cheers,
Thijs - bol.com

jalcorn
Contributor II

Laps?

https://github.com/unl/LAPSforMac