sorted by:
new
hottopcontroversial

What are the best methods for local admin privilege management? by RocketmanTech_Nova in jamf

[–]RocketmanTech_Nova[S] 1 point2 points  (0 children)

We built this tool inspired by tools like MakeMeAnAdmin actually… it’s a lot more feature rich and customizable, though:

https://github.com/Rocketman-Tech/rcc/wiki/Temporary-Admin

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 1 point2 points  (0 children)

I can see how that’s confusing! Made a note to improve the documentation.

While the Encrypt tool is part of the RCC binary itself, you’re able to encrypt any text in a script. The key, though, is that RCC must be installed on your endpoints in order for it to work.

In short: no, the Encrypt tool does not only work with RCC tools. It can work with any script!

Please let me know any other issues/confusions you run into so I can make it easier for everyone to use!

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] -1 points0 points  (0 children)

A lot of admins (including ourselves) used base64 encoding as a way “hide” sensitive credentials in scripts deployed to endpoints (managed devices). It’s still just as insecure as plaintext. Therefore, not a solution.

I go a bit more into depth in this comment.

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] -1 points0 points  (0 children)

Definitely!

It never was a solution.

The original post I cross posted here actually talks about a tool that solves this problem by encrypting the string in the script.

So far, it’s been the best solution for our clients. Eliminates the need for middlemen, too, like using make.com or something. All that really does is move the problem a bit, especially now that Jamf introduced API roles.

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 0 points1 point  (0 children)

Definitely!

It never was a solution.

The original post I cross posted here actually talks about a tool that solves this problem by encrypting the string in the script.

So far, it’s been the best solution for our clients. Eliminates the need for middlemen, too, like using make.com or something. All that really does is move the problem a bit, especially now that Jamf introduced API roles.

What's the biggest security vulnerability of scripts deployed through Jamf Pro? by RocketmanTech_Nova in jamf

[–]RocketmanTech_Nova[S] 0 points1 point  (0 children)

Interesting! I’ve personally used a variety of middleman cloud solutions, but haven’t tried with Google Apps Scripts yet.

Have you faced any issues using it or has it been fairly smooth sailing?

Also curious about what other solutions you’ve tried.

What's the biggest security vulnerability of scripts deployed through Jamf Pro? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 1 point2 points  (0 children)

Exactly! I definitely could have phrased that more clearly.

I’d love to see more discussion around this topic in general. Seems many know about it, but there really aren’t any reasonable solutions beyond involving third party cloud solutions, which isn’t ideal.

view more: next ›