Posted on 09-19-2019 03:04 PM
I'm wondering, is it possible to use hashes, preferably SHA-512, instead of plain text with the "sysadminctl" command? I really dislike the thought of a script containing my admin account password in plain text. I'm also creating a new admin account with the script, so it would be a bad idea to have that account's password in plain text.
Posted on 09-20-2019 04:23 AM
@bwbritt86 Check this out: Encrypted Strings as parameters
Posted on 09-24-2019 10:07 AM
Worked! Thanks.
Posted on 07-22-2020 11:59 PM
Could someone please provide me a step-by-step tutorial on how to utilise this? I understand what the script does, but I'm getting confused on how to start and what to do.
Posted on 07-23-2020 01:28 AM
I must be missing something. The script contains all the information needed to decrypt the encrypted string. So anybody with access to the script still gets the admin password. The only place where protection is added is in the JSS, where the policy now contains the encrypted string instead of the plain text password. So this scheme only protects the password inside the JSS - whose access is anyhow very restricted.
Posted on 07-23-2020 02:00 AM
Posted on 07-23-2020 11:30 AM
Just a fair bit of caution: every script Jamf runs still hits disk in clear text, in the temp folder that Jamf downloads to. So, even if you pass an encrypted string, with parameters to decrypt it, it all hits disk in clear text. Meaning a simple tool like pstree, for example, can just scrape all that data. Tools like hunters.ai will easily pick this up, or any threat hunting tool should. So, do not assume encrypted strings in Jamf scripts are secure; it is simply an extra layer an attacker would have to get through, which, if said attacker knows how Jamf works, would not be too difficult to get to.
So, really, if you want to put security first, don't pass any creds in scripts to client endpoints.
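To make the point in the two posts above concrete (the decryption inputs live in the deployed script, so the "encrypted" string protects nothing outside the JSS), here is an added illustration that is not the linked Jamf Nation script and not code from any poster. It assumes a scheme of that general shape: openssl AES with a salt and passphrase written into the script as literals; the last function is a simple heuristic a defender can run over a script repository to flag scripts that carry a literal openssl passphrase next to a decrypt call.

```shell
#!/bin/sh
# Constructed illustration of an "encrypted string" scheme whose decryption
# inputs are embedded in the script itself. Assumed scheme (not the linked
# Jamf Nation script): openssl AES-256-CBC, base64 on one line.
SALT="0123456789abcdef"          # assumed: 8-byte salt stored as a literal
PASSPHRASE="example-passphrase"  # assumed: passphrase stored as a literal

# Produce the "encrypted string" once, e.g. before pasting it into a policy.
encrypt_string() {
    printf '%s' "$1" | openssl enc -aes-256-cbc -a -A -S "$SALT" -k "$PASSPHRASE"
}

# What the deployed script does at run time: same salt, same passphrase,
# so anyone holding the script file recovers the plaintext the same way.
decrypt_string() {
    printf '%s' "$1" | openssl enc -aes-256-cbc -d -a -A -S "$SALT" -k "$PASSPHRASE"
}

# Defender check (heuristic): does a script contain an openssl call whose
# passphrase is a literal rather than a parameter such as "$5"? Returns 0
# (true) when it does. Matches "-k hunter2", "-k \"hunter2\"" and
# "-pass pass:hunter2"; ignores "-k \"$KEY\"" and "-k $5".
has_literal_openssl_key() {
    grep -Eq -- '(-k[[:space:]]+|-pass[[:space:]]+pass:)"?[^$"[:space:]]' "$1"
}
```

The check only sees literals on the openssl line itself, so a passphrase assigned to a variable a few lines earlier (as in this very block) would need a second look by eye.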