Set the Auto Admin Account Password

By Salur Onural

Learn how to use the Set Auto Admin Password device command.

Required Device TypemacOS
Required Enrollment Status Supervised
Required OS Version
macOS 10.11+

What does this MDM command do?

This command allows you to remotely change the Auto Admin account password, as long as the device is powered on and connected to the network.

If the device is at the FileVault authentication window, the command will not be received.

The Set Auto Admin password command will not update the user's FileVault (shadowhash) password. 

What is an Auto Admin account? 

An Auto Admin account is the MDM configured administrator that can be optionally created during the Automated Device Enrollment process. This account can be configured in Kandji inside of an Auto-Enroll Library item. 

How do I issue this command? 

This command can easily be issued via the Device Action Menu while on a device record.

You will only see the command if it is applicable for the device (based on its enrollment status).
  1. Select a supervised macOS device from the devices page. 
  2. Select the device action menu in the upper left-hand corner.
  3. Click the more (...) button.
  4. Select Set Auto Admin Password.

  5. In the new modal, enter the new password twice, and select Set Auto Admin Password. (You can check the status of the command in the device activity)
With APFS volumes, this MDM command does not update the Auto Admin users SecureToken (FileVault) password.