Is there an equivalent to Microsoft LAPS for MacOS?
https://apple.stackexchange.com/questions/421184
-
02-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
I am looking for a way to randomize local administrator accounts on MacOS. For Windows, there is a solution called LAPS, which randomizes the local admin passwords (so that every system cant get hacked if a single password is compromised). I found a few projects on github, but would rather use a well known/Apple supported solution.
I have to recommend this to the person who administers these workstations. I'm just trying to make their life easier because most people don't like to do the research.
If there is a way to do this using jamf that would be even better.
What options exist to manage secure passwords like LAPS offers in AD environments for Windows?
Solução
You’ll end up spending more time on managing the secure tokens than LAPS storage for secure passwords. Both are pretty well solved if you have a full time macOS engineer on staff with the ability to script and a capable MDM.
Paying for a tool like JAMF Connect or using Okta / NoMAD makes this even easier - maybe a month or so project full time for the above advanced admin. (So 6 months in real world depending on how many managed endpoints they have to wrangle)
Also, Kandiji is doing some very innovative work in this space - check them out for sure even if you already have an MDM you like.
Outras dicas
Not tested, but macOSLAPS looks mature and closely matches the feature set.
