Every organization has different needs when it comes to keeping track of its technology. Especially for organizationally-owned computers, knowing that you can decrypt and log into your Macs is important for repurposing and redeployment. A common solution to this problem would be a Deployed Admin Account.
What is a Deployed Admin Account?
These admin accounts have fixed credentials (something like "acme_admin" and a secure password) that only a small number of individuals at an organization know. Those individuals can support their users by helping with tasks that require administrative privileges, like changing settings and installing or removing applications. Perhaps more importantly, these accounts can be used to boot up a Mac encrypted with FileVault if no other user account has permission. By having access to this powerful account, you can ensure you can access Macs owned by your organization and support your team if they come to you with questions about their technology.
PROS
- Greatly increases the likelihood of being able to access a company-owned Mac for data retrieval and preservation should the primary user account be inaccessible
- Allows approved individuals to perform administrative tasks on organization computers
- If you need to share this password with a user in case of emergency, you can contact Ntiva and we can quickly and securely rotate it to a new value.
CONS
- This can be a security risk should the password be disseminated to staff or documented insecurely. Anyone with knowledge of this password will have administrative access to your team's Macs, so it's imperative it only be shared with authorized individauls and rotated to a new value if it needs to be disclosed to anyone else.
Feel free to discuss with your Account Manager whether Deployed Admin Accounts are appropriate for your organization. Whether you want to be able to handle administrative requests for your team onsite or want to ensure you can access organization-owned Macs, there are a lot of great reasons to consider deploying these accounts.
Comments
0 comments
Please sign in to leave a comment.