Help

Shared Local Admin Credentials

cypha
New Contributor

Posted on ‎09-30-2019 02:42 PM

How can I implement something similar to Microsoft LAPS on mac?

I want to achieve:

  1. One local admin account per mac - specifically for deskside support
  2. Each local admin has a different password
  3. Deskside support tech can retrieve password by looking up mac
  4. Password resets and rotates x-hours after it is retrieved by Deskside tech.

I have one solution (Password manager Pro) that may potentially work, but i am not sure if there is a central way to manage this?

Any ideas will be appreciated, thank you.

0 Kudos
Reply
3 REPLIES 3

mark_mahabir
Valued Contributor

Posted on ‎10-01-2019 03:06 AM

We use macOSLAPS but LAPSforMac is a good alternative.

Reply

ammonsc
Contributor II

Posted on ‎10-01-2019 06:17 AM

Could you base the password on something like the serial number? If so that could be scripted to create and set each local admin user.

0 Kudos
Reply

francksartori
New Contributor III

Posted on ‎08-14-2021 02:10 AM

You may also test EasyLAPS. I'm the author of this tool which is designed to regularly rotate the local administrator account password of a Mac and store it in a MDM like Jamf Pro or Jamf School.

0 Kudos
Reply