Local Administrator Password Management for Mac

Whether the goal is to prevent a malicious attacker from moving throughout your network, or to prevent a user from elevating their privileges or, worse, gaining privileges on someone else’s machine, you must have a strategy for keeping a secure local admin password for each endpoint.

What is Local Administrator Password Management (LAPM)?

The practice of reusing the same local admin password for every endpoint, and rarely, if ever, changing it, continues to be common among businesses of all sizes. The Centrify Identity Platform gives IT organizations a simple and effective means to create and manage unique local administrator passwords for each Mac in their environment. Passwords are securely stored in the Centrify Privilege Service, and authorized users can check out the local admin password for remote management or to temporarily grant admin rights to the device’s primary user.

Unique Admin Password

Prevent the use of the same administrator password for each endpoint

Authorize Access

Authorized admins can request access

Maintain Security

Password rotation to eliminate static local admin passwords

How Does Centrify’s LAPM Solution Work?

Account creation and management are enabled by setting a simple MDM policy. The admin can choose whether to create a managed local admin account and can set the name for the account. By setting the name to that of an existing account, IT can take over an existing account that may currently be using a static password shared across many endpoints. When the Mac is enrolled for management with the Centrify Endpoint Service, the local admin account is either created or, if it already exists, taken over. The password for the account is securely and randomly generated on the endpoint and communicated to the Centrify Privilege Service for secure storage. When an administrator or end user needs access to the account, they can simply check out the current password from the portal.

Local Account Password Management example

Benefits of Local Administrator Password Management


Eliminate the practice of using the same admin password across all endpoints


Ensure past IT admins no longer have access after they have departed


Authorize access for approved users


Audit access requests to endpoint local admin accounts