Solved

Change Password for Filevault-Enabled Management Account on Ventura and Sonoma?

  • October 18, 2023
  • 7 replies
  • 43 views


I'd love to be able to have a script to update the password for our local admin account on all devices. I know some people here were able to get this working, but that thread is a few OSes old and I assume based on the age that it's no longer applicable.

Best answer by TrentO


7 replies

AJPinto
  • Legendary Contributor
  • 2803 replies
  • October 18, 2023

This is not possible anymore as far as I am aware. FileVault generates a Secure Token, and you need a secure token to rotate the password of an account with a Secure Token. 


  • Contributor
  • 83 replies
  • Answer
  • October 18, 2023

I'm pretty sure @AJPinto is correct.

Have you looked into using LAPS? Jamf has a built-in solution for management accounts (https://learn.jamf.com/bundle/technical-paper-laps-current/page/Local_Administrator_Password_Solution.html). There are also 3rd-party implementations such as PezzaD84/macOSLAPS.

These are not quite what you're asking, as they would require either making a new account or using an existing management account. Still, it might be your best option.


  • Author
  • Contributor
  • 19 replies
  • October 19, 2023


We use LAPS on our Windows machines, and I never even considered there'd be a similar implementation for macOS.

Honestly, that second one, with the self-service options, looks great for what we need. We already have a local admin on each device; it's just a matter of setting it up with that account, from the sounds of it. Thanks for the links!


  • Contributor
  • 83 replies
  • October 19, 2023


Glad to help. There was a great talk at JNUC on it this year. I don't think the video is on YouTube yet, but it should be soon-ish.


  • New Contributor
  • 2 replies
  • October 31, 2023

Hello,

@TrentO Thanks for sharing! This is looking great indeed.

I need a sanity check for the PezzaD84/macOSLAPS solution. This needs to have LAPS enabled in the Jamf Pro API first, correct?

Thank you!


  • Contributor
  • 83 replies
  • October 31, 2023


No, actually. This is a completely separate LAPS implementation and only relies on Jamf to deploy the policies.


  • New Contributor
  • 2 replies
  • October 31, 2023

@TrentO Thanks so much for confirming! Really appreciate it.

I'll be testing on a couple laptops first then :)