Administering the Management Account

You can reset the management account password using a policy or Casper Remote. You can also enable or disable the management account for FileVault 2 using a policy.

Requirements

To enable the management account for FileVault 2, the computer must have OS X v10.9–v10.11 and have an existing, valid individual recovery key that matches the recovery key stored in the JSS.

To disable the management account for FileVault 2, the computer must have OS X v10.9–v10.11.

Resetting the Management Account Password Using a Policy

  1. Log in to the JSS with a web browser.

  2. Click the Computers tab at the top of the page.

  3. Click Policies.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click New images/download/thumbnails/11272352/New_icon.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
    For an overview of the settings in the General payload, see General Payload.

  6. Select the Management Account payload and click Configure.

  7. Choose "Specify new password" or "Randomly generate new passwords" from the Action pop-up menu.

  8. Configure the action using the options on the pane.

  9. Use the Restart Options payload to configure settings for restarting computers.
    For more information, see Restart Options Payload.

  10. Click the Scope tab and configure the scope of the policy.
    For more information, see Scope.

  11. (Optional) Click the Self Service tab and make the policy available in Self Service.
    For more information, see Self Service Policies.

  12. (Optional) Click the User Interaction tab and configure messaging and deferral options.
    For more information, see User Interaction.

  13. Click Save.

The policy runs on computers in the scope the next time they check in with the JSS and meet the criteria in the General payload.

Resetting the Management Account Password Using Casper Remote

  1. Open Casper Remote and authenticate to the JSS.

  2. Click Site images/download/thumbnails/11272352/Site.png and select a site.
    This determines which items are available in Casper Remote.
    Note: This button is only displayed if you have a site configured in the JSS and are logged in with a JSS user account that has full access or access to multiple sites.

  3. In the list of computers, select the checkbox for each computer on which you want to administer local accounts.

    images/download/attachments/6161875/Computers_tab.png

  4. Click the Accounts tab.

    images/download/attachments/5147264/Accounts_tab.png

  5. Do one of the following:

    • To randomly generate new passwords, select Randomly Generated Passwords and enter the number of characters required.

    • To specify a new password, select Change To and enter the new password.

  6. Click the Restart tab and configure settings for restarting computers.

    images/download/attachments/5147297/Restart_tab.png

  7. Do one of the following:

    • To immediately perform the tasks on the specified computers, click Go.

    • To schedule the tasks to take place at a specific day and time, click Schedule and choose a day and time. Then click Schedule again.

Enabling or Disabling the Management Account for FileVault 2

You can enable or disable the management account for FileVault 2 on computers with OS X v10.9–v10.11. To enable the account for FileVault 2, the computer must have an individual recovery key.

  1. Log in to the JSS with a web browser.

  2. Click the Computers tab at the top of the page.

  3. Click Policies.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click New images/download/thumbnails/11272352/New_icon.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
    For an overview of the settings in the General payload, see General Payload.

  6. Select the Management Account payload and click Configure.

  7. Choose "Enable User for FileVault 2" or "Disable User for FileVault 2" from the Action pop-up menu.

  8. Use the Restart Options payload to configure settings for restarting computers.
    For more information, see Restart Options Payload.

  9. Click the Scope tab and configure the scope of the policy.
    For more information, see Scope.

  10. (Optional) Click the Self Service tab and make the policy available in Self Service.
    For more information, see Self Service Policies .

  11. (Optional) Click the User Interaction tab and configure messaging and deferral options.
    For more information, see User Interaction.

  12. Click Save.

The policy runs on computers in the scope the next time they check in with the JSS and meet the criteria in the General payload.

Related Information

For related information, see the following sections in this guide:

  • About Policies
    Learn the basics about policies.

  • Managing Policies
    Find out how to create a policy, view the plan and status of a policy, and view and flush policy logs.

Copyright | Privacy | Terms of Use | Security
Copyright JAMF Software, LLC 2016