Do Macintosh agent deployments require a local account?
If a Mac is joined to the domain, then can a domain admin account be used to deploy the Kace agent?
Our Mac's are on the domain and have the Domain Admins as well as a domain admin service account as administrators when you go through the Macintosh Directory Utility deal to join it to the domain. But if I deploy using a domain admin account that is an admin on the Mac, it fails. If I deploy using a local admin on the Mac, it succeeds.
Thanks
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
SMal.tmcc
8 years ago
Macs get a cert from the domain when you join. when you image that is a different machine so the cert is invalid and domain credentials are useless. create your mac master with the local user and then use a post task to join it to the domain.
Comments:
-
Thanks for the response. This isn't for images though. With regard to existing Macs that are already joined to the domain, we're hoping there's a way to deploy the agent using a domain account instead of a local account.
If we use a local account, then any end user who has admin rights (not my choice), will be able to change the password of the account we want to use to deploy with. - murbot 8 years ago
