Local Admin Password Solution (LAPS) addresses security vulnerabilities of common admin workflows by supporting a unique, randomized local account password per device that rotates after viewing and is accessible to a subset of authorized users. This security feature ensures an organization can maintain control over end user privacy and sensitive data. LAPS is an automated approach that allows IT administrators to maintain security, comply with regulations, improve efficiency, and maintain accountability by knowing who accessed the password and when.
With Jamf Pro 10.46.0, Jamf introduced LAPS support as an API-first solution for better securing shared IT admin accounts on computers. This implementation was specific to the admin account created during Automated Device Enrollment using a PreStage enrollment.
In Jamf Pro 10.49.0, as part of User-Initiated Enrollment settings, Jamf expands LAPS support specifically to the specified Jamf Management Account. This solution adds support for managing an alternative admin account outside of Automated Device Enrollment.
In 10.46, Jamf announced that the ability to specify or modify computer management credentials would be deprecated in a future release. As of Jamf Pro 10.49, the ability to set a known Management Account password on enrolled computers is removed from the GUI. Upon upgrade, any pre-existing, known Management Account password will be replaced with a rotated, random password of 29 characters that is unique to each computer for enhanced security. Newly enrolled computers will also receive a random password if the Management Account is set for creation during enrollment. Admins can view a computer’s randomized password in the Jamf Pro API using the local-admin-password endpoints.