We recently discovered that some of our current local admin accounts on macOS devices are using the same password.
Is there a way to rotate these passwords and prevent credential misuse in the future?
We recently discovered that some of our current local admin accounts on macOS devices are using the same password.
Is there a way to rotate these passwords and prevent credential misuse in the future?
Hi @zayn_nj ,
You can use Local Administrator Password Solution (LAPS) for macOS in Hexnode UEM to enforce automatic password rotation for local admin accounts. This ensures each device has a unique admin password.
For existing local admin accounts, Hexnode UEM provides Advanced LAPS configuration, which allows administrators to:
This approach eliminates password reuse and reduces the risk of credential misuse across devices.
Best Regards,
Isabel Lora
Hexnode Expert
Oh, so password rotation is possible for existing local admin accounts as well? I thought it could only be configured only for new admin accounts.
Yes, @ace_98 ! Password rotation works for both existing and newly created local admin accounts, as long as the accounts are brought under LAPS management.
Best Regards,
Isabel Lora
Hexnode Expert
Okay, got it! But where can admins retrieve the rotated passwords?
Rotated passwords are accessible in the Hexnode UEM console:
Go to Manage → Devices.
Select the macOS device.
Open Device Details > Local Accounts > LAPS section (visible only if LAPS is configured and applied).
Access is controlled through role-based access control (RBAC), ensuring only authorized admins with the necessary permissions can retrieve the credentials.
Best Regards,
Isabel Lora
Hexnode Expert
Just being a bit curious! I was about to configure Advanced LAPS, but I saw Basic LAPS listed. What exactly is Basic LAPS, how is it different from Advanced LAPS?
Hey @haanaa ! In Hexnode UEM, Basic and Advanced LAPS are two sections of macOS LAPS configuration, each designed for different levels of control and flexibility.
1. Basic LAPS
Basic LAPS is designed for minimal-configuration with pre-configured settings and includes the following behaviour:
Basic LAPS is ideal for quick and standard deployments.
2. Advanced LAPS
Advanced LAPS provides additional flexibility and control, and supports:
Advanced LAPS is recommended for organizations requiring full control over password management.
For more information, please refer to our help doc: Configure LAPS for macOS devices via Hexnode UEM.
Best Regards,
Isabel Lora
Hexnode Expert
Don't have an account? Sign up