Help

Retrieve Local admin password

amit_1103
New Contributor

Posted on ‎09-10-2023 06:41 PM

Hello,

I am new to JAMF and still learning how to use the application. I was trying to set up a Macbook M1 for a user in our organization and now I'm unable to find the local account password for the Macbook. The steps are listed below:

1. I completed the standard setup process for my MacBook, which required me to create a local admin account.
2. After that, I connected the MacBook to my organization's network.
3. Then, I enrolled the MacBook in Jamf using the Jamfcloud enroll feature.
4. However, since Jamf is now managing the local admin password, I am unable to locate it on the Jamf platform. Can someone kindly advise me on how to retrieve the password for the local account of my MacBook on Jamf?

0 Kudos
6 REPLIES 6

AJPinto
Honored Contributor II

Posted on ‎09-11-2023 05:13 AM

JAMF does not escrow account passwords, and has no way to know what the password is/was. JAMF does not manage passwords, it can manage password requirements but not the passwords themselves.

 

If the local account and password is configured with Automated Device Enrollment, LAPS can handle checking out and rotating the password. However, you said you created the account manually, then enrolled using Device Enrollment. So JAMF has no concept of record of this password or what it is, and is not managing the password.

 

How to Securely Manage Local Admin Passwords with ... - Jamf Nation Community - 289969

0 Kudos

amit_1103
New Contributor
In response to AJPinto

Posted on ‎09-11-2023 06:40 AM

Thank you for getting back to me! 

 

After enrolling it to JAMF, the local admin password I set during the initial setup is not recognized. I'm not sure if this is due to JAMF or if there is any way to retrieve the password for the local admin account. Please let me know 

0 Kudos

AJPinto
Honored Contributor II
In response to amit_1103

Posted on ‎09-11-2023 06:45 AM

If you are referring to the JAMF Management account that is generated during Device Enrollment (its not created during Automated Device Enrollment) that password is random and not stored in any way you can access beyond LAPS which I mentioned above. That account should only be used by JAMF.

0 Kudos

amit_1103
New Contributor
In response to AJPinto

Posted on ‎09-11-2023 12:06 PM

One last thing. I am reviewing the policies on JAMF and I came across a policy that resets the local administrator password. The policy contains the username and password, which are currently hidden in password format. I am curious if there is a way to reveal the password?

0 Kudos

AJPinto
Honored Contributor II
In response to amit_1103

Posted on ‎09-13-2023 04:41 AM

Once you enter an account password in to a policy, the password is masked. There is no way to retrieve it. The best suggestion I have is to update the password in the policy, and document the password.

 

If that account does not have a Secure Token, you can use another JAMF policy to change that accounts password on existing devices. If it does have a Secure token, JAMF cannot modify the password.

0 Kudos

Keith_L
New Contributor III

Posted on ‎09-14-2023 12:29 AM

@amit_1103 

You probably have a config profile for Passcode that is more restrictive than what you've setup during the user creation.

 

That's why it is not accepting your 'old' password.

0 Kudos