macOSLAPS
ProfileManifestsMirror
macOSLAPS | ProfileManifestsMirror | |
---|---|---|
27 | 14 | |
365 | 154 | |
- | 3.2% | |
0.0 | 3.4 | |
about 1 year ago | 5 months ago | |
Swift | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOSLAPS
-
Best practice for MacOS control + user experience in Intune. (Autopilot for Macs to Intune)
LAPS isn't natively supported but once again there's a third-party solution
- Simple App to help Mac Admins
-
Mac user password resets
As others have mentioned, a second account with admin privileges might be your best bet. If you're going to go that route, you may want to implement macoslaps along with that. Macoslaps randomizes the local admin password which comes in handy if you need to give the password to someone. It used to be only for Active Directory joined Macs but now can be used without an active directory (via MDM). Here's the link for more info: This goes on the clients - https://github.com/joshua-d-miller/macOSLAPS
-
Anyone know if macOSLAPS will work with the new Windows LAPS update Microsoft just announced?
We use MacOSLAPS on our Mac clients to randomize the admin password on those machines: https://github.com/joshua-d-miller/macOSLAPS
-
The Active Directory team has delivered LAPS natively to Windows 10 & 11, #WindowsServer 2019 & 2022 with this month’s Patch Tuesday!
And that implementation is why when I set this up at $oldJob I set the RemovePassChars key to all ambiguous characters I had run into on the Microsoft product.
-
First Post - a stupidly specific failure
I believe setting something like macOSLAPS up will also resolve the issue since the automatically created local account would authenticate and update it's password silently.
- is it possible to see what account made changes to the system?
-
Need advice for securing company laptops
There are a variety of alternatives, such as https://github.com/joshua-d-miller/macOSLAPS
- Create a standard account, no admin account
- Mac User accounts
ProfileManifestsMirror
-
Firefox Using Only Approved Exts/Add Ons
You can make custom profiles in Jamf using the same json imazing uses/same repo. This will give you access to all of the keys available in the software. I think the reason they say it’s not enterprise software is there is no central control like chrome or edge. https://github.com/Jamf-Custom-Profile-Schemas/ProfileManifestsMirror
-
Automating OneDrive Known Folder Move (KFM)
If you are using Jamf, this custom settings json should help with the vast majority of what you are wanting to do.
-
Onedrive Plist JAMF
It might be easier to use a custom settings json. Here is one from a source that Jamf featured on their blog last year.
-
Need PLIST to deploy Zoom to macs
You should look into using Custom Settings json files to handle this. Here's one from a Jamf recommended source that I use in my environment. It works really well, and it's much easier to understand at a glance than a plist is.
-
How do I edit plists using Xcode?
If you're using Jamf Pro, you may be better off using a Custom Settings JSON to apply these settings.
-
Anyone know how to disable screen time for macOS? We use Jamf pro so either a script or profile would work if anyone knows or can help .
Are you wanting to completely disable it or just skip it during initial sign in? This custom settings json should help with the latter, and if you then restrict access to the "Screen Time" preference pane that should be a roundabout way to fully disable it.
-
iCloud Desktop & Documents Sync Makes an Unkillable Desktop Folder
Rather than putting the energy towards this script, you should start working on how to deploy the official one. All of the config settings are available now. If you are using Jamf, you can even use this custom settings json to handle like 90% of the work. The only major thing to know in advance is that the settings "KFMOptInWithWizard" and "KFMSilentOptIn" are looking for your tenant ID.
-
Deploying Google Drive via MDM
If you're using Jamf, this custom settings json should help with managing most of those kinds of settings.
-
Thoughts on managing MS Defender on macOS
One and done setup, though a Custom Settings json file can really streamline any modifications you have to do down the line.
-
3CX PWA deployment with JAMF
I believe WebAppInstallForceList is the setting you are looking for. It looks like that is included in this custom settings json though I have not verified that it will work.
What are some alternatives?
LAPSforMac - Local Administrator Password Solution for Mac
macOS-enterprise-privileges - For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
access-manager - Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.
ProfileCreator - macOS app to create standard or customized configuration profiles.
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
Installomator - Installation script to deploy standard software on Macs
nudge - A tool for encouraging the installation of macOS security updates.
kinobi - An external patch definition server for Jamf Pro
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
autopkg - Automating packaging and software distribution on macOS.