Help

User-Initiated Enrollment admin account in ADE environment

Go to solution
myu
Contributor

2 weeks ago

I saw 2 accounts listed under Managed Local Administrator Accounts, 1 labeled as "jamf binary" and the other being "PreStage". I looked for where the 1st account was defined and I found it under

 

User Initiated Enrollment > Computers > Managed Local Administrator Account > Create Managed Local Administrator Account

 

I have a feeling that this was defined when we were going through the initial training with Jamf and something we don't really need because we don't allow user initiated enrollments and all our devices are enrolled from Apple School Manager.

 

I'm not sure why Jamf would create this account on devices that have undergone ADE (I've confirmed its presence in our ADE devices with a dscl read). Would there be any issues with me removing that account?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor II

a week ago

The Jamf Binary account was an old account used for things like Jamf Remote back in the day. As Jamf retired that workflow the repurposed the account, and it is now basically used as a local admin account as far as I am aware. The password is vaulted, rotated, and the account is hidden by default, so it is generally secure. It does not really hurt anything being on the device. If it's something you guys need to remove for compliance or OCD, then remove it. As with anything, test extensively before pushing to production. You will find any issues while testing.

View solution in original post

1 REPLY 1

Go to solution
AJPinto
Honored Contributor II

a week ago

The Jamf Binary account was an old account used for things like Jamf Remote back in the day. As Jamf retired that workflow the repurposed the account, and it is now basically used as a local admin account as far as I am aware. The password is vaulted, rotated, and the account is hidden by default, so it is generally secure. It does not really hurt anything being on the device. If it's something you guys need to remove for compliance or OCD, then remove it. As with anything, test extensively before pushing to production. You will find any issues while testing.