Administering the Management Account

You can use a policy or Jamf Remote to administer the management account.

Using a policy to administer the management account allows you to do the following:

  • Change the account password—This option changes the management account's password, as well as the account's password and FileVault 2 password. It is recommended that you use this option if the management account's login keychain password matches the account password stored in Jamf Pro.

  • Reset the account password—This option only changes the management account's password. This option does not change the management account's login keychain password or FileVault 2 password. For computers with macOS 10.14 or later, you must disable the management account SecureToken to reset the password. For more information on SecureToken, see the following documentation from Apple:

    Note: If the management account's login keychain password does not match the account password stored in Jamf Pro, you must use the Reset Account Password option when administering the management account using a policy or the policy will fail.

  • Enable the user for FileVault 2

    Note: For computers with macOS 10.13 or later, the computer must have a valid individual recovery key that matches the recovery key escrowed in Jamf Pro.

  • Disable the user for FileVault 2

Using Jamf Remote to administer the management account allows you to reset the management account's password.

Administering the Management Account Using a Policy

You can change or reset the management account password using a policy. You can also enable or disable the management account for FileVault 2.

  1. Log in to Jamf Pro.

  2. Click the Computers tab at the top of the page.

  3. Click Policies.

  4. Click New images/download/thumbnails/67633298/Icon_New_Button.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
    For an overview of the settings in the General payload, see General Payload.

  6. Select the Management Account payload and select an action using the options on the pane.

  7. Use the Restart Options payload to configure settings for restarting computers.
    For more information, see Restart Options Payload.

  8. Click the Scope tab and configure the scope of the policy.
    For more information, see Scope.

  9. (Optional) Click the Self Service tab and make the policy available in Self Service.
    For more information, see Making Items Available to Users in Jamf Self Service for macOS.

  10. (Optional) Click the User Interaction tab and configure messaging and deferral options.
    For more information, see User Interaction.

  11. Click Save.

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.

Resetting the Management Account Password Using Jamf Remote

  1. Open Jamf Remote and authenticate to the Jamf Pro server.

  2. Click Site images/download/thumbnails/67633298/Site.png and select a site.
    This determines which items are available in Jamf Remote.

    Note: This button is only displayed if you have a site configured in Jamf Pro and are logged in with a Jamf Pro user account that has full access or access to multiple sites.

  3. In the list of computers, select the checkbox for each computer on which you want to administer local accounts.

  4. Click the Accounts tab.


  5. Do one of the following:

    • To randomly generate new passwords, select Randomly Generated Passwords and enter the number of characters required.

    • To specify a new password, select Change To and enter the new password.

  6. Click the Restart tab and configure settings for restarting computers.

  7. Do one of the following:

    • To immediately perform the tasks on the specified computers, click Go.

    • To schedule the tasks to take place at a specific day and time, click Schedule and choose a day and time. Then click Schedule again.

Related Information

For related information, see the following sections in this guide:

  • About Policies
    Learn the basics about policies.

  • Managing Policies
    Find out how to create a policy, view the plan and status of a policy, and view and flush policy logs.

  • About Computer Enrollment
    Find out how to create the management account and what tasks the management account performs.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.