<Long, boring background removed. You know the story by now.>
We got caught by the Jamf Pro LAPS cutover. Now, we have three different admin accounts on a laptop that's been run through pre-stage enrollment (PSE) and two on user-initiated enrollments (UIEs).
- PSE admin / jamf binary admin
- created in the PSE config
- needed for the PSE process
- no longer randomizes and manages its own password as it did in pre-LAPS days
- does not work with LAPS, so we need to manage this account password
- UIE admin
- "Support" admin
- Jamf support told us we should create this as a break-glass option if LAPS fails on the UIE admin
- apparently, the PSE / jamf binary admin account won't work for this purpose for $REASONS
- we need to manage this account password
How do y'all manage all of these admin accounts, or any pointers to how-to resources?
While I was looking forward to getting LAPS functionality, I don't see this LAPS implementation as anywhere near a win at the moment, and I would love to disable it.
Thanks,
Pete
