Customization for JAMF LAPS

KittyGoyenk
New Contributor III

With Jamf 10.50 Pro cloud now, we have JAMF LAPS using the JAMF API (https://learn.jamf.com/bundle/technical-paper-laps-current/page/General_Requirements.html).

However, I do have 2 questions.

1. Can we define the password requirement for JAMF LAPS?

Let's say I want the password to have only 15 characters and only upper case, lower case and numbers. Can I define this?

2. I had a look at this post (https://community.jamf.com/t5/jamf-pro/retrieve-laps-password-straight-from-the-jss/td-p/297146) and I was wondering: can we parse/escrow the password from JAMF LAPS to some extension attributes? By doing this, any admins who can log in to the Jamf Pro portal would be able to see the admin password.


Tribruin
Valued Contributor II

1. Not at this time. I would file a feature request as that sounds like a great idea. (The current password is fine if you can copy/paste).

2. While you COULD write a script/EA that calls the API and then pushes the password to an EA, it probably wouldn't work very well. As soon as you retrieve the LAPS password via the API, a 60-minute (by default) clock starts. At 60 minutes, the password will be rotated, so chances are anything uploaded to an EA would be outdated before someone needed it. The LAPS password is meant to be used when it is retrieved.

Hopefully Jamf will eventually add the LAPS password to the GUI with the permissions similar to the Personal Recovery Key.  

DTB_Kirky
New Contributor III

Someone wrote an EA for LAPS: https://community.jamf.com/t5/jamf-pro/jamf-laps-extension-attribute/m-p/294598#M261367

I don't use it; as per @Tribruin's comment, it will be out of date quickly. I instead altered it to retrieve the password and show it in a swift dialog for 20 secs, and added it to a policy. Made it available via Self Service for all our engineers to see only.

KittyGoyenk
New Contributor III

For the password rotation, I actually changed the Jamf LAPS API settings to the below, so that the password rotation time would be 8 hours, rotating once every week:

{
  "autoDeployEnabled": true,
  "passwordRotationTime": 28800,
  "autoRotateEnabled": true,
  "autoRotateExpirationTime": 604800
}
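
Added example (not part of any post in this thread and not Jamf code): a small Python model of the point made in the replies, that a LAPS password copied into an extension attribute goes stale once the post-retrieval rotation clock expires, run with the 60-minute default and with the 28800-second value from the settings above. The daily inventory interval and the clock behaviour described in the docstring are assumptions of the model.

```python
import json

# Settings body quoted in the thread above (all times in seconds).
THREAD_SETTINGS = json.loads("""{
  "autoDeployEnabled": true,
  "passwordRotationTime": 28800,
  "autoRotateEnabled": true,
  "autoRotateExpirationTime": 604800
}""")
DEFAULT_ROTATION = 3600   # the 60-minute default mentioned in the thread
DAY = 86400               # assumed inventory interval, constructed for the example


def ea_valid_seconds(rotation_time, inventory_interval, horizon):
    """Seconds within `horizon` during which the copy stored in an extension
    attribute still matches the live LAPS password.

    Model assumptions (not confirmed Jamf behaviour): the EA script retrieves
    the password at every inventory update, the first retrieval of a password
    starts its rotation clock, and later retrievals do not reset that clock.
    """
    if rotation_time <= 0 or inventory_interval <= 0:
        raise ValueError("times must be positive")
    valid = 0
    rotate_at = None  # when the password currently held in the EA rotates
    for t in range(0, horizon, inventory_interval):
        if rotate_at is None or rotate_at <= t:
            # Live password is new and unviewed: this retrieval stores it in
            # the EA and starts its clock.
            rotate_at = t + rotation_time
            valid += min(rotate_at, horizon) - t
    return valid


def ea_valid_fraction(rotation_time, inventory_interval=DAY, horizon=7 * DAY):
    """Share of the horizon during which the EA copy is still correct."""
    return ea_valid_seconds(rotation_time, inventory_interval, horizon) / horizon


if __name__ == "__main__":
    for label, rot in (("default", DEFAULT_ROTATION),
                       ("thread", THREAD_SETTINGS["passwordRotationTime"])):
        print(f"{label}: rotation {rot}s, EA copy valid "
              f"{ea_valid_fraction(rot):.1%} of a week with daily inventory")
```

Under these assumptions the stored copy is correct for about 4% of the week with the default and a third of the week with the 8-hour value; the longer window also means every retrieved password stays usable for longer after it has been seen.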

 

KittyGoyenk
New Contributor III

As far as the feature request, I believe this has been mentioned here: https://ideas.jamf.com/ideas/JN-I-27528

Pro4TLZZ
New Contributor II

You can retrieve the LAPS password with this tool from the JSS: https://community.jamf.com/t5/jamf-pro/retrieve-laps-password-straight-from-the-jss/m-p/297146