Password policy that excludes local admin and Jamf management account


Hello all, 


I have found a couple of older posts without accepted solutions and wanted to see if anyone had found a solution to this, or what the workaround was. Trying to leave the realm of bound AD and the network/mobile accounts so we can start using FileVault, in that I make a password policy similar to our AD, but realize this would also apply to the local admin account and Jamf Management account. I have some ideas on just changing the local admin account password on a more frequent basis, lining up with the staff account policy, but from what I am reading, the Jamf Management account's (for which I let Jamf set the randomized password) password expiring would break deployments until that is fixed.


Do many of you just not have the password expire? I could make the argument that network resources are still connected to an AD account that changes password, so maybe this is an acceptable risk?