Jamf Recon at startup isnt getting the macOSLAPS

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows

MIT License

382 stars 57 forks source link

Jamf Recon at startup isnt getting the macOSLAPS #81

Closed mrmte closed 1 year ago

mrmte commented 1 year ago

We have a Jamf policy at startup to get inventory. Our macOSLAPS is to reset every day. This doesn't get the new password uploaded to the computer record in jamf pro. Often we have to update the inventory manually to get the new password. Do we need to add some kind of delay in the inventory collection?

rougegoat commented 1 year ago

I believe this is because the /var/root/Library/Application Support/macOSLAPS-password path isn't available during the initial startup of macOS. There's no good way around that unless you want to store the password in a different more easily accessible location. That could be an enhancement worth looking into, but I'm not sure I would personally want to write an admin password to somewhere like /Users/Shared or the like.

mrmte commented 1 year ago

Thanks very much for the info, appreciated :)

joshua-d-miller commented 1 year ago

Unfortunately I think it's best to keep the password out of places where it could be easily accessed. The current location can only be accessed by root and while it's not ideal for this particular situation it's the best without creating more hurdles to jump through.