jelockwood
commented
5 years ago Oops, it turns out I had ordered things so that the jamfmanager account needs a secure token before LAPS is allowed to run. I will concentrate on getting that solved first and then if needed re-open this issue.
I have been using this LAPS successfully for sometime with clients running High Sierra and connected to JAMF Pro. This still works with High Sierra 10.13.6 and JAMF Pro 10.7.1.
I have recently started building client Macs with Mojave 10.14 and the same JAMF Pro 10.7.1 and the same script and policies. Unfortunately I am finding that it fails on these.
I am having a similar issue with a script that is supposed to temporarily reset the jamfmanager account so that it can then trigger issuing a secure token to that account for use with FileVault. This also is not working.
I therefore suspect Apple have changed the security on being able to remotely change passwords.
Anyone else seen this?