This document describes the means by which approved local administrative accounts are created on managed macOS devices.
Your macOS device must:
- be running a supported version of macOS (normally the 3 most recent versions)
- be enrolled in the Jamf device management system
- be logged in using your standard user account - your admin account will be named after your standard account, e.g. if your standard user account is uol123, your admin account will be uol123-admin.
You must:
- ensure you have received authorisation as set out by a signed-off copy of your application form, showing your user ID, your machine name, and detailing any supplemental terms of use.
- read and agree to the terms of use (in the information for the function in Self Service, KB0017214 and on your authorised form) before clicking Create.
You must not:
- run the Self Service function without the afore-mentioned written authorisation
Creating your account
Should your application for administrative privileges be approved, IT will set your device to enable creation of your administrative account via a function in the Jamf Self Service app.
Once you have received a technician's confirmation of this, do the following to create your account:
- Launch the Jamf Self Service app.
- Navigate to the Functions section.
- Locate the "Create local admin account" item.
- Click the Create button.
- Read the conditions of use, plus those laid out in KB0017214 and on your approved application.
- Only if you agree to all conditions, click the Create button again.
|  |
- You may be prompted to approve control of System Events by Jamf. Click OK to allow this.
|  |
- Before creating your password, ensure that you have one in mind which fully complies with complexity rules.
- If the password does not meet the requirement, your account will be created, but the password will not work. You will require direct IT assistance to perform a password reset before your new account can be used.
|  |
- Take care to ensure the verification matches the first password entry.
- If the passwords do not match, your account may not be created and you will require IT assistance either to make the Self Service function available again, or to reset the password if the account was created.
|  |
|
|  |
- Check in System Settings (System Preferences in older macOS versions) / Users & Groups. You should see a new account with the expected name, showing "Admin" rather than "Standard".
- If System Settings was already running, you may need to relaunch it in order for your account to show.
|  |
- Launch the Terminal app and run su followed by your new account name e.g.
su uol123-admin
|
- If your password has been set successfully, and you have entered it correctly when prompted by the su command, Terminal will not re-prompt for the password and will switch you to your new account within that window.
- Close Terminal following a successful test of your new credentials.
|