Admin Password management (MDM Command - macOS)
What
The Admin Password Management command lets FileWave change the managed local admin password on eligible macOS devices through MDM. Use it for the admin account that FileWave created during Automated Device Enrollment (DEP/ADE), without needing physical access to the Mac.
When/Why
When to use this:
- Security rotation: Change managed admin passwords on a schedule that matches your organization's policy.
- Suspected exposure: Rotate the password if someone who should not know it may have had access.
- Staff changes: Update the password when IT staff with admin access leave or change roles.
- Compliance: Keep local admin credentials aligned with internal or regulatory password requirements.
Why use this feature:
- Remote password reset: Change the managed admin password across selected Macs from FileWave Central.
- Less hands-on work: Avoid touching each device when the only required change is the local admin password.
- Controlled access: Keep the managed admin credential current without changing unrelated user accounts.
How
Prerequisites
- Enrollment: The Mac must be enrolled through Automated Device Enrollment (DEP/ADE).
- Apple OS/hardware: The device must be an Apple silicon Mac running macOS 15.0 or later.
- Managed admin account: The admin account must have been created during DEP/ADE enrollment using the profile options.
If you create the admin account required for this feature, also review Bootstrap Token Management on macOS.
Steps to change the admin password
- In FileWave Central, select the Mac, then choose MDM > Change Admin Password... from the device context menu.
Important notes
- Secure delivery: FileWave sends the new password through the MDM command channel.
- User impact: Changing the admin password can affect scripts, services, or workflows that still rely on the old credential.
- Team communication: Tell other IT staff when the managed admin password changes so they do not keep using the old value.
Common questions
If you are looking for a way to reset a Mac's managed local admin password, rotate a DEP-created admin password, or change an ADE admin account password remotely, use the Change Admin Password MDM command from FileWave Central.
A consideration: If an admin user account is created during DEP enrollment, then, per https://kb.filewave.com/books/macos/page/bootstrap-token-management-on-macos, the Bootstrap Token Management will be affected as the SetBootstrapToken request will not be sent.
In reply to #1
Thanks Sean. I added a note and a link to that other article for people to consider that and did a quick search to make sure that hasn't changed with Sequoia. It seems to have not changed.
No comments to display
No comments to display