Shared Local Admin Credentials

New Contributor

How can I implement something similar to Microsoft LAPS on mac?

I want to achieve:

  1. One local admin account per mac - specifically for deskside support
  2. Each local admin has a different password
  3. Deskside support tech can retrieve password by looking up mac
  4. Password resets and rotates x-hours after it is retrieved by Deskside tech.

I have one solution (Password manager Pro) that may potentially work, but i am not sure if there is a central way to manage this?

Any ideas will be appreciated, thank you.


Valued Contributor

We use macOSLAPS but LAPSforMac is a good alternative.

Contributor II

Could you base the password on something like the serial number? If so that could be scripted to create and set each local admin user.

New Contributor III

You may also test EasyLAPS. I'm the author of this tool which is designed to regularly rotate the local administrator account password of a Mac and store it in a MDM like Jamf Pro or Jamf School.