Unique DEP local admin password (per device)

It would be great if the password of the local administrator account created during the DEP enrolment was unique to that device.

The password could be shown in the device information together with the EFI password and FileVault recovery key.

37 votes

wilson shared this idea · Apr 27, 2018 · Report… · Admin →

completed ·

Anonymous responded · Apr 27, 2022

The options to store auto-created admin passwords and to automatically set (and store) a unique password per device has been added to the macOS Account Setup options. Stored passwords can be retrieved from the device record. Link to KB article: https://help.pdq.com/hc/en-us/articles/5626064805659-macOS-Account-Setup-and-Admin-Passwords

An error occurred while saving the comment

miawri commented · April 8, 2022 5:02 AM · Report

This would be a very good addition and would mean we would not need to implement a LAPS after deployment.

Submitting...
Sebastian Norling commented · July 17, 2020 3:38 AM · Report

Indeed very needed. An attacker knowing one password to get root access to all employee devices... *shivering*

Submitting...
Daniel commented · January 17, 2020 9:13 AM · Report

This would be a great feature! We currently have a local admin account for each device, which we could create during DEP. But with a single password, if we ever need to change it for any reason, we'd have to touch ALL machines.

The current alternative is that our admin sets up all user accounts and passwords manually, but of course it'd be way cooler to have zero-touch deployments.

Submitting...

I suggest you ...