Is there a script that allows me to change the "admin" account password? It
is the administrator account on the client macs.
Tech Director / Assistant Principal
Casper policy can do this too. Add the account name under the accounts tab and then create a new password for it by clicking on the reset password link in the JSS web interface.
You could write a script, but then you have a password in your script, which ideally you should never do unless you have to
I'm looking to do an admin password change on about 5000 Macs. I see that I can create that policy to do the password change via the accounts tab. So that will reset the password on the machine. So I'm assuming that the password still then needs to be reset in the JSS. (It's too bad it can't do that at the same time) Looking for ways to do that and I'm guessing I can do a mass inventory search and then choose "Take Action on Results" and then the "Edit Management Accounts". Just want to see if this is the best way to go before I proceed. I was going to run a few small tests of this before I do the mass change. Any suggestions or gotchas ?
Richmond School District #38
So your local admin is also the Casper management account?
In my opinion the best solution would be creating a new local admin,
and then have Casper change the (old) management account password randomly at a given interval with a policy.
That way you have a secure management account on one side,
on the other side you're still free to change the other, new, local admin's password as you like without hassle
Thanks Chris. I will maybe look at the strategy you have suggested. In the mean time I did end up asking Jamf support about this and I was told that it can be done in one fell swoop via :
Change Management Account Password in JSS>>Management>>Policy>>Create Policy>>Create Policy Manually>>Accounts>>Change Management Account Password it changes on both the JSS and the client machine.
This seems to work well.
Changing the account password through a policy is no longer a viable solution. If the account is secure token enabled, Jamf cannot change the password with a policy any longer due to incompatibility with macOS 10.14 systems. The reason why secure token makes it so the policy can not run is that the previous password needs to be entered to change it. Jamf does not provide the current password as they do not save passwords.
Agree that it would be nice to have some kind of notice on the policy as some of our macs are now borked.