We're seeing this issue on our test Macs running 10.13.2. Initial DEP
setup successfully enables FV2 via JSS policy for the local admin user
(ours is created in PreStage). Key is escrowed in JSS as expected. When
logging in as a mobile user (or creat...
Apologies if this has been answered elsewhere. I'm experimenting with
modifying the username value using the REST API rather than our current
method of running jamf recon -endUsername $user, but realized that the
former won't update the corresponding...
separate/tiered accounts for accessing server infrastructure, and, if a
management account is necessary on macs, usage of a tool like macOSLAPS
will reduce the effectiveness of credential dumping on macOS. afaik
there's no real way to mitigate creden...
Yeah, I mean, there's urgency in leveraging more third-party tools to
patch up Apple's broken processes, since we'll be getting High Sierra
hardware before we know it. But there's also the fact that this was
working before and Apple has not done anyt...
I'm changing the password in Active Directory directly. These are mobile
accounts. The standard login window immediately authenticates with the
new password set in AD, and I am given the standard prompt after logging
in to update/create new keychain....