
LAPS for macOS

Managing the local administrator account using Jamf

Local Administrator Password Solution (LAPS) provides management of local account passwords. Passwords are stored in Jamf Pro, so only eligible users can read them or request a reset.

Step 1: Download the pkg file from https://github.com/joshua-d-miller/macOSLAPS/releases

Step 2: Download the JSON schema from https://github.com/kdrwygvh/JSON-Schema-for-Jamf-Pro-Applications-and-Settings-MDM-Payload/blob/master/macOSLAPS/edu.psu.macoslaps.json

Step 3: Download the extension attribute script from https://github.com/joshua-d-miller/macOSLAPS/blob/master/macOSLAPS_EA.sh

Uploading the pkg file

  1. Log in to the Jamf portal –> Navigate to All settings –> Computer Management –> Packages –> New
  2. Upload the package downloaded in Step 1

Creating a Policy

This policy deploys the pkg file and resets the local admin account password.

  1. Log in to the Jamf portal –> Navigate to Computers –> Policies –> New
  2. Enter the name
  3. Navigate to Packages and browse to the pkg file
  4. Configure Maintenance
  5. Navigate to the Files and Processes pane and execute the command /usr/local/laps/macOSLAPS

Select the required frequency for running the policy and scope it to the devices.

Creating a Configuration Profile

  1. Log in to the Jamf portal –> Navigate to Computers –> Configuration Profiles –> New
  2. Enter the name and navigate to the Application & Custom Settings pane –> Select External Applications –> Add
    • Source: Custom Schema
    • Preference Domain: edu.psu.macoslaps
    • Click on Add Schema and paste the JSON content downloaded in Step 2. Once the schema is updated, click on Edit schema and select the required options

Note: It is mandatory to select the “local admin” username that exists on all the devices (we are using PreStage enrollment to create the local admin account). Also, provide the same password in the configuration profile. If there is any mismatch in the password or username, the solution will not work.

  3. Navigate to Scope and target the deployment to the required devices

Creating Extension Attribute

  • Go to Settings –> Computer Management –> Extension Attributes
  • Create a new extension attribute and paste the script downloaded in Step 3

Verification

  1. Log in to the Jamf portal –> Navigate to Computers –> Select the computer –> Inventory –> General
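
A second extension attribute can report, per device, the username mismatch the note in the configuration profile section warns about. The script below is an added example, not part of macOSLAPS or the original post; the managed-preferences path and the key names LocalAdminAccount and FirstPass are assumptions to confirm against the schema from Step 2.

```shell
#!/bin/sh
# Added example: Jamf extension attribute reporting whether this Mac is ready
# for the macOSLAPS policy. Assumed: the managed-preferences path and the key
# names LocalAdminAccount / FirstPass (confirm against the schema from Step 2).

LAPS_BIN="${LAPS_BIN:-/usr/local/laps/macOSLAPS}"
LAPS_PREFS="${LAPS_PREFS:-/Library/Managed Preferences/edu.psu.macoslaps}"

# Read one key from the managed preference domain; prints nothing if unset.
laps_pref() {
    defaults read "$LAPS_PREFS" "$1" 2>/dev/null
}

# Print one line per problem found; return 0 only when there are none.
laps_preflight() {
    problems=0
    if [ ! -x "$LAPS_BIN" ]; then
        echo "macOSLAPS binary missing at $LAPS_BIN"
        problems=$((problems + 1))
    fi
    account=$(laps_pref LocalAdminAccount) || account=""
    if [ -z "$account" ]; then
        echo "profile not delivered or LocalAdminAccount not set"
        problems=$((problems + 1))
    elif ! dscl . -read "/Users/$account" UniqueID >/dev/null 2>&1; then
        echo "profile names '$account' but no such local account exists"
        problems=$((problems + 1))
    fi
    # Test only for presence; the password itself is never printed.
    firstpass=$(laps_pref FirstPass) || firstpass=""
    if [ -z "$firstpass" ]; then
        echo "FirstPass not set in the profile"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Wrap the findings in the <result> tags Jamf reads from an extension attribute.
laps_preflight_ea() {
    if findings=$(laps_preflight); then
        echo "<result>Ready</result>"
    else
        echo "<result>$(echo "$findings" | tr '\n' ';')</result>"
    fi
}

# Run only on macOS, where defaults and dscl exist.
if [ "$(uname -s)" = "Darwin" ]; then laps_preflight_ea; fi
```

A smart group on any value other than Ready lists the devices where the policy would fail before it is scoped to them.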

Resetting the Password

  1. Log in to the Jamf portal –> Navigate to Computers –> Policies –> New
  2. Enter the name
  3. Configure Maintenance
  4. Navigate to the Files and Processes pane and execute the command /usr/local/laps/macOSLAPS -resetPassword
  5. Scope it to the required devices

Author

  • Ramesh has 10+ years of experience in the workplace services domain, mainly in Windows and macOS operations. His main area of interest is the design and implementation of simplified and stable digital workplaces for end users. He is proficient in MECM (Intune and SCCM), Jamf, Microsoft Azure, application life cycle management, application packaging, and Citrix.
