Issue on first run not changing the password for jamf managed account

Open ecomatt opened this issue 10 months ago • 4 comments

Hi, on a fresh Jamf build machine I have a hidden 'admin' account which gets created. In the plist I copied and pasted the exact password for first run, but I get this error.

There does not appear to be a macOSLAPS Keychain Entry. Most likely, a password change has never been performed or the first password change has failed due to an incorrect password

My .plist looks like this:

        <key>DaysTillExpiration</key>
        <integer>0</integer>
        <key>FirstPass</key>
        <string>[firstpassword]</string>
        <key>LocalAdminAccount</key>
        <string>admin</string>
        <key>Method</key>
        <string>Local</string>
        <key>PasswordLength</key>
        <integer>12</integer>
        <key>PasswordRequirements</key>
        <dict>
            <key>Lowercase</key>
            <integer>5</integer>
            <key>Uppercase</key>
            <integer>1</integer>
            <key>Number</key>
            <integer>1</integer>
        </dict>
        <key>RemovePassChars</key>
        <string>{}[]|1lLO.</string>
    </dict>

Does the script not work on Jamf managed accounts? Should I create a new admin account and run it on that and remove the Jamf prestage password account creation?

Thanks

ecomatt, Jan 30 '25 11:01

What "script" are you talking about?

The first run requires the -firstPass option with the current password, otherwise that error is generated. How are you getting the hidden admin account's password and passing it to macOSLAPS?

wakco, Jan 30 '25 20:01

Sorry, when I say script I meant the whole macOSLAPS process. So I have just set up the prestage to create the admin account and I copied and pasted the same password into the firstpass string. I will go back and double-check my passwords and re-enroll the Mac to check.

ecomatt, Jan 30 '25 21:01

Hi, no matter what I was trying I could not get a -resetpassword to complete. When I updated to version 4.0.0 Build 845 then it works? But now I can get it to generate a password using v4 but cannot get it to report back to Jamf via EA? If anyone is successfully doing this via Jamf Pro, could they please advise.

Thanks

ecomatt, Feb 03 '25 13:02

Hi there @ecomatt,

I believe there should be scripts for 4.0 in the MDM Scripts folder that was added today. Additionally, if you head over to the MacAdmins Slack, in the #laps channel there should be some additional items. 4.0 is still prerelease as I'm collecting feedback on it. Sorry for the delayed response.

Thanks!

joshua-d-miller, Feb 26 '25 13:02