- Jamf Nation Community
- Products
- Jamf Pro
- Re: Questions on Jamf local accounts
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Questions on Jamf local accounts
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-07-2023 12:12 PM
Our security team wanted to know what these two local accounts that are added to every macbook when its enrolled into jamf. Does anyone know what each of them are used for and what access they have?
Is it related to Jamf MDM or Jamf Connect?
jamf-management
/private/var/jamf-managemen
svc-securityscans-mac-jamf
/Users/svc-securityscans-mac-jamf
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-07-2023 12:54 PM
The first account looks like it might be set in your User-initiated enrollment settings as the Jamf Management account. Maybe someone set that up when your Jamf instance was setup. The management account was used in the past to support Jamf Remote, but has been effectively useless for a few years now, until Jamf Pro 10.49. With 10.49, the management account has been repurposed as LAPS account with a rotating password.
Not sure about the svc account. That is not created by Jamf by default. (Unless it is related to Jamf Protect.) Check your policies and see if any policy is creating that account. It seems strange that it is creating a user directory in the /Users folder. Most service accounts use /private/var.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-07-2023 04:36 PM
Quite honestly, you should be asking whoever is administrating your Jamf instance asking that question. Not here. It's your organization so that is your jamf admin to answer that question.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-07-2023 04:38 PM
I agree but some of the admins that created or setup Jamf is no longer with the company. I jsut wanted to know if these are common local accounts created by jamf connect or jamf pro itself?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-07-2023 04:46 PM
Well, we can only speculate since we have no idea how your jamf instance was setup, but the first one as Tribruin mentioned could be from the user-initiated enrollment. The second was looks like it was created by policy. Which is kind of strange, why have 2 local accounts. As to what they are used for I'm assuming for local admin stuff that the typical user can not do.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-08-2023 06:21 AM
The 1st one looks like JAMFs Management account. This account is created when a device is enrolled using the web portal. I dont think the Management account is needed when you use a prestage to enroll as JAMF gets all of its tokens from Automated Device Enrollment.
The second account looks like something you guys are doing. This is not a format that JAMF or Apple uses, SVC is very Windows "domainy".
- Check with your JAMF Admin, and let them handle everything below if they dont know off the top of their head.
- Check your prestage to see what accounts is creates.
- Check any policies you have that would create accounts.
- Keep in mind scripts can create accounts with dhcl
- Check your security tools as many of them make their own accounts using dhcl when the application is installed
