Help

Securing Storing Local Users Password

derrad
New Contributor III

Posted on ‎01-14-2019 12:27 PM

Figured I could get some good feedback from my fellow jamf nation users.

Our university has a student program which provides level 1 support to other students. The student agents check in personal non-university owned laptops that are having issues and evaluate weather it is hardware or software and then send it to the appropriate team. Our legacy ticketing system allowed us to store the local users password in the ticket (for data recovery reasons). Our security team is not allowing this in our new ticketing system (which I completely understand why).

I just wanted to know what the community is doing when they encounter a computer that needs repair, and the computer has a password. Do you have a secure database, are you using a sticky note (LOL), etc.?

0 Kudos
1 REPLY 1

sshort
Valued Contributor

Posted on ‎01-14-2019 01:38 PM

We have a separate admin account that has FileVault access, and that account password gets changed on a regular basis using LAPS.

If we need to get into the user's account for $reasons, we'll usually ask the user if it's ok to reset their password to something temporary. Then when the user get the machine back they can change it.

0 Kudos