One Account to P0wn Them All: How to Move Away from a Shared Admin Account

The safest administrator account on a machine is one that doesn't exist. Learn how to make that happen.

Ah, the local administrator account for macOS. Traditionally, IT teams put this lonely island of vulnerability onto every machine in their fleet just in case of the one-off need to change a user's password, make a change to one machine that's not worth building a Jamf Pro policy for, or have some way to decrypt FileVault in case of a "resume generating event" for the user.

And then all it takes is one teenager shoulder surfing the IT person and suddenly all your Mac belong to us.

Learn about common ways IT teams have solved this admin account issue in the past, best practices for shared accounts, recommendations for the secure, Apple-suggested ways to manage admin access, and a new way to remove an admin account completely. We'll present how Jamf Connect can create an admin account just-in-time on a device to do the needful things and then disappear just as easily with a Self Service policy.