Reset device passwords using Jamf Pro?

jabal
New Contributor

Forgive my ignorance, but is Jamf able to reset passwords if the user is not logged into a local account? I am seeing the option in policies, but I am unsure of how to trigger it before the user logs in. I attempted to set the trigger to startup and change in network state, but both remain pending when restarting the device to the login screen. Also, I am not seeing a network symbol on the login screen for any device and am thinking I need to adjust a configuration profile so network access/settings can be accessed before logging in? If so, where do I access this? I am reviewing the restrictions on the devices and I am not seeing them.

Also, is this ill-advised? I can see how doing this sort of thing would be unwise from a security perspective.

2 REPLIES

sdagley
Esteemed Contributor II

@jabal If you are using FileVault drive encryption there is no network access to the Mac before a user logs in, so Jamf Pro would not be able to reset the password.

Even if Jamf Pro has access it may not be able to reset a password because macOS won't allow that for an account if it's the only one with a Bootstrap token (https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web)

AJPinto
Honored Contributor II

To add to what sdagley said, JAMF also cannot reset PWs for accounts with Secure Tokens. To change the PW of an account with a Secure Token, you need a secure token, and the JAMF PW reset workflow uses a bootstrap token.