Resolved Profile Manager, change local admin password

Discussion in 'Mac OS X Server, Xserve, and Networking' started by DennisBlah, Sep 20, 2018.

  1. DennisBlah macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #1
    Hi all,

    I was hoping to find someone who can help me out here.

    I manage +/- 1500 OSX clients through Profile Manager and Munki (sort of Jamf, but free)

    I'm in the need to change the password of my local administrator user on all devices.

    Before I created an 'autoUpdater' with encrypted keys that contain the password. Which on it's turn is being decrypted and executes CLI commands to copy applications and/or run applescripts.

    There I could easily change the password.
    Now I'm leaving this application since the amount of clients went 'boom' and using ProfileManager with Munki.

    I do not want to put the password unencrypted in a payload free package.

    Any advice?
     
  2. TriBruin macrumors regular

    Joined:
    Jul 28, 2008
    #2
    Could you encrypt the password in your script with openssl and then use a decode option in your bash script? While not completely secure (You will still have your encoded password and decryption key in the script), it would, at least, keep people from seeing your password in the open.

    Other idea, can you could put the encrypted password in a file on a server and read it from the script.

    (And, 1500 devices on Profile Manager. I commend you!)
     
  3. DennisBlah thread starter macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #3
    Hi TriBruin,

    As my 'autoUpdater' was using this process. In xCode I used an AES encryption library to encrypt the password with a key.
    The actual password was indeed stored on a fileshare. Pulled from, decrypted it, de-scrambled it for username / password and using it to run the CLI and AppleScript with admin privileges.


    From your initial response I asume it's not possible with Profile Manager then :)
    So indeed I will have to create a new script and find a good way to manage the password (encryption and decryption)
    I got 10 more guys (and lady) that need to be able to perform the password change.

    I'll see what I can do, maybe I'll post it here if anyone is interested.

    Thanks for your response!
     
  4. hobowankenobi, Oct 1, 2018
    Last edited: Oct 1, 2018

    hobowankenobi macrumors 6502a

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #4
    Never used it.....but CreatUserPkg has (so I understand) the ability to update PWs, as well as automate user creation.

    UPDATE: Sorry, looks like the project is out of date, and only works up to 10.12.

    Possible help here.
     
  5. DennisBlah thread starter macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #5
    Hi hobowankenobi,

    I did not took lots of time to investigate, but thanks for your link!
    Went through to https://github.com/gregneagle/pycreateuserpkg
    And it should work :)
    So I'll create a installer package with a script to create the accounts :)

    Thanks!!
     

Share This Page

4 September 20, 2018