Self Service requesting admin password when installing software

llitz123
Contributor III

I don't know what else to title this...
We had a member of our IT Team leave and I'm in the process of changing the admin password on 50+ machines...
What's the best practice for making sure the Self Service app doesn't request a password for admin account changes?
Thanks.

10 REPLIES

mm2270
Legendary Contributor III

@Leverett, I'm a little unclear about what you're asking here. Are you seeing instances of Self Service asking for admin credentials when policies are run by end users, or is it just a concern it could happen?
As for changing the admin password, do you mean the one Casper uses as well, or are we talking about just a local admin account on the Macs? If it's the former, as long as you use the proper procedure from the JSS in a policy or via Casper Remote, you shouldn't have any issues. If you were going to change the account password some other way outside of Casper knowing it, it would cause all sorts of issues for you though.

OTOH, if you're changing a password to some other account, I don't see how it would affect anything in Self Service.

llitz123
Contributor III

Our self service account is tied to a non-hidden, non-Casper-created admin account on our systems.
When I change the admin password on the client systems (because coworker left/security), non admin users are asked for credentials when accessing Self Service.

What's the best way to change the admin password on 50+ systems so users can continue to access Self Service?

Thanks.

mm2270
Legendary Contributor III

You'll want to change that from within Casper then, in a policy or from Casper Remote. If the account you're changing is your management account as you say, use the option under the Accounts tab labeled Change Management Account Password. Just enter the new password in the Change to: fields there and apply it to all Macs. Well, apply it to a few at first to ensure it's working, but that should do it. As I mentioned, if you change that password outside of a Casper Suite process, it will get out of sync on the JSS and when policies run it can no longer authenticate since it has an old password stored for it, so users get prompted to enter it at that time instead.

llitz123
Contributor III

Nice. I'll test it.
Thanks.

donmontalvo
Esteemed Contributor III

We have Management Framework Settings configured so users don't get prompted at all, since what we're providing is free (etc.):

external image link

The Casper management account is hidden on our Macs, and I confirmed password is correct on a 10.8.4 Mac that is having this problem.

I don't remember seeing Self Service.app ever asking a user to provide local admin credentials, so I'm worried something broke.

Don

--
https://donmontalvo.com

mm2270
Legendary Contributor III

@Don, when you say "I confirmed password is correct on a 10.8.4 Mac that is having this problem" that doesn't necessarily mean the JSS has the same password stored for it. In other words, the password for the account ON the Mac may be what you expect, but is it the same in the JSS? Have you confirmed that, or set it to what it should be there as well?

Unfortunately there is actually no way to read that password in the JSS, but you can set it for that Mac's record to what you believe it should be. I would try that next if you haven't done so already.

ctangora
Contributor III

I would suggest re-enrolling the machines so they use a new admin user and have the passwords synced with the JSS.

The bonus is that your next employee won't have to come by when you leave and do this all again.

-c

donmontalvo
Esteemed Contributor III

@mm2270 and @ctangora, the test Macs have been re-enrolled, so the account is present and credentials are correct. When a user launches Self Service.app and tries to run an install, they are prompted for local admin rights by OS X.

Don

--
https://donmontalvo.com

mm2270
Legendary Contributor III

Hmm, not sure what to tell you about that then. I guess if you're not opposed to it, you could try deleting the computer record in your JSS and re-enrolling it again. If you still have the same issue with a brand new record, then something may indeed be broken.
Just curious though, you only see this on some Macs, but not others?

donmontalvo
Esteemed Contributor III

Sorry for the late response, was transitioning between gigs. :) You guys were right, the Mac was enrolled using my domain account. Once I re-enrolled using our management account credentials, Self Service launched and worked fine.

--
https://donmontalvo.com