Posted on 04-15-2025 02:27 AM
Hi all,
I am currently trying to enable LAPS for our computers and after reading through documentation and watching videos on the topic, I disabled the creation of the local MDM admin account in PreStage and only enabled the UIE admin account.
New problem that arose with that: The account created by the user during setup is now an admin. But I don't want that.
Does anyone have an easy solution for that?
Posted on 04-15-2025 04:56 AM
You can still create a local admin account in the PreStage, just don't use the same name as the UIE account, and you'll be good to go. Then just make sure that the 'Local User Account Type' in your PreStage is set to 'Standard Account', and the first account created will be a Standard user.
Posted on 04-15-2025 05:31 AM
What about that admin's password though? The recommendation is to not use both admin account types (MDM and Binary) for LAPS, and having the same admin account with the same static password on all machines eliminates the benefits/use of LAPS completely.
Posted on 04-15-2025 05:41 AM
I don't think the password matters as much as the account name being different. Either way, LAPS will set/rotate the passwords for the accounts separately. Each system will have a different password for the accounts.
Posted on 04-16-2025 07:00 AM
You guys can learn more about the implementation of Jamf Pro LAPS, by William Smith: https://youtu.be/vsD1RHF6Rlg?si=6Kz8OtX5Z3o8rhm5