Help

Management Account and QuickAdd problems

Go to solution
seanhansell
Contributor

Posted on ‎09-05-2013 08:08 AM

We use a dedicated management account in our environment, "casper". This account is present on every computer. We do not currently randomize the password. Occasionally machines will become managed by another account and I will need to repoint them to the "casper" account.

This used to be achieved by running the command "sudo jamf recon -sshUsername casper -sshPassword <password>". At some point this command became obsolete. At the very least it no longer achieves the desired goal of changing the management account.

We then achieved this by deploying a QuickAdd.pkg with the correct account settings. This no longer works because it seems the current crop of QuickAdd.pkg is single-use only.

How can I remanage my computers with the correct account without having the task be a manual process?

- Sean
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎09-05-2013 08:11 AM

QuickAdd's generated on the JSS for self enrollment are one time use, but not so with something created from Recon.app. Make your QuickAdd.pkg in Recon.app with the proper settings and you should be able to install it via policy on any Macs that need it.

Just curious though, how are you detecting the proper set of Macs that need to be repointed to your "casper" account?

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
mm2270
Legendary Contributor III

Posted on ‎09-05-2013 08:11 AM

QuickAdd's generated on the JSS for self enrollment are one time use, but not so with something created from Recon.app. Make your QuickAdd.pkg in Recon.app with the proper settings and you should be able to install it via policy on any Macs that need it.

Just curious though, how are you detecting the proper set of Macs that need to be repointed to your "casper" account?

0 Kudos

Go to solution
seanhansell
Contributor

Posted on ‎09-05-2013 08:18 AM

Extension Attribute:

#!/bin/sh

apiURL="https://casper.company.com:8443/JSSResource/computers/macaddress/"
apiUser="apiusername"
apiPass="apipassword"
MacAdd=$(networksetup -getmacaddress en0 | awk '{ print $3 }' | sed 's/:/./g')

ManAccount=$(curl -s -u $apiUser:$apiPass $apiURL$MacAdd | xpath /computer/general/remote_management/management_username[1] | sed 's/<management_username>//;s/</management_username>//')

echo "<result>$ManAccount</result>"

- Sean
0 Kudos

Go to solution
seanhansell
Contributor

Posted on ‎09-05-2013 08:43 AM

Using a Recon-created QuickAdd package did the trick! Thank you!

- Sean
0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎09-05-2013 08:55 AM

Ah, I see, you're using the Extension Attribute that I posted to Ben Toms' thread. :-) I had a feeling it was something like that.

0 Kudos