Resetting password of local admin created before device enrollment

KAndrews5725
New Contributor III

I believe I have a slightly different situation here than what I've found online so far regarding resetting passwords.  In our situation we have a bunch of laptops that went out to Teachers that were not included in our pre-stage enrollment.  Since then, a local user account has been created (admin with secure token) and now we want to send out enrollment invites to get these devices logged into the system.  So far I've been able to do so quite easily on a test machine, and can even create a hidden admin account with password that we can use to backdoor into the device if needed.  One purpose of doing this would be to reset a forgotten password.  However, I'm beginning to realize that this may not be possible because the first account created (501) has a secure token and the second account (502) does not.  At this time I am unable to reset the password of the original account.  I should say that we are primarily using macOS Catalina and Big Sur.  Is there a way to reset passwords for admin accounts that were created outside of enrollment, if we decide to send out invites?  Thanks for your time assisting on this!

 

Keith Andrews

1 ACCEPTED SOLUTION

KAndrews5725
New Contributor III

Thanks for your response.  I've decided to enforce FileVault through a config profile on all managed devices after they are enrolled through user-initiated enrollment.  This will allow us to obtain and escrow a personal recovery key in our JAMF instance that we can provide to the end user if they ever need to have their device password reset.

View solution in original post

2 REPLIES 2

suresh_143
New Contributor II

You can try to boot device using command+R than it will boot OS repair mood there you can ope terminal try reset using command linux command passwd user name I hope it helps

 

 

 

KAndrews5725
New Contributor III

Thanks for your response.  I've decided to enforce FileVault through a config profile on all managed devices after they are enrolled through user-initiated enrollment.  This will allow us to obtain and escrow a personal recovery key in our JAMF instance that we can provide to the end user if they ever need to have their device password reset.