Password for User initiated enrollment - Management account

jbuiinjamf
New Contributor

Hi everyone, please bear with me for this beginner question since I'm new to Jamf.

During User-initiated Enrollment, I checked Create Management Account. However, it only lets me pick the username but not the password. Do you know how I can pick a password or update it? Thank you! Below are the only options available:

Settings/ Global/ User-initiated Enrollment

Management Account
Account to be used for managing computers enrolled via a PreStage enrollment or user-initiated enrollment
  • Username
  • Create management account: Create the management account during enrollment if it does not already exist
  • Hide management account: Hide the management account from users
  • Allow SSH access for management account only: Make the management account the only account that has SSH (Remote Login) access to computers
  • Ensure SSH is enabled: Enable SSH (Remote Login) on computers that have it disabled
  • Launch Self Service when done: Ensure that computers launch Self Service immediately after they are enrolled
  • Sign QuickAdd Package: Ensure that the QuickAdd package is signed and appears as verified to users when enrolling via user-initiated enrollment with a QuickAdd package.

3 REPLIES

jbuiinjamf
New Contributor

I created a new policy with a script to change the pw for that account, but I wonder if the pw settings were hidden somewhere that I am not aware of. Or is creating a policy with a script to change the pw for that account the only way? Please let me know, thanks!

 

Version 10.49 of Jamf Pro removed the option to configure your own password for the Management Account.  It now uses LAPS to randomly create the password.

https://learn.jamf.com/bundle/jamf-pro-release-notes-10.49.0/page/Important_Notices.html

AJPinto
Honored Contributor II

Generally speaking, you don't want to use the Management Account for anything, nor do you want to know its password. The management account is tech debt from an earlier time; you really should not be using the Management Account for anything.

  • For your Automated Device Enrollment path, in your PreStage you will go to Account Settings and enter the information for the account you want to create.
  • For User Enrollment (which should really be disabled), you will use a policy to create an admin account using the same credentials that the PreStage uses.

For security I suggest looking into a tool to rotate out the local admin password. Make the password as complex as possible until you can rotate it out as this is a global password and a single point of failure. Also read over JAMF LAPS.

 
