Notes about Disconnected Account Management

Duplicate System Resolution

If multiple endpoints are enrolled in the same list and report the same non-blank DNS name, IP address, and MAC address, the machine ID information stored on the server is merged into a single entry. The merge removes the data for all but the most recently created machine ID. If the endpoints are valid systems, they will continue to change the local password and update the offline secret, but the duplicate entries will not be shown in the web application.

OS X Endpoints

Apple OS X has a root account that by default does not have a password. In a single-user installation, the user created at setup can access all root permissions using sudo. Users on OS X are typically managed with the dscl command, which targets users in the /Users directory.

Because there is no standard default user on OS X, the LocalAccountName parameter should be set in settings.json to target a specific user on that endpoint machine.

The Python script can still be run as root on OS X by installing it with sudo. This prevents other users from reading, writing, or executing the files without root permissions.

Python 2.6.x

Python 2.6.x is supported on the endpoint, but the SSL security context was not implemented in this version of Python. Therefore, if SSL is enabled on the web service host, its SSL certificate will not be validated by a client endpoint using Python 2.6. Also, if the web service requires SSL functionality such as client certificate validation or Integrated Windows Authentication, the endpoint will fail. We recommend using the most current version of Python to avoid these errors.
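The following preflight check is an added example, not part of the product's endpoint script: it fails closed when the interpreter cannot build a validating SSL context, which is the Python 2.6 case described above. The names build_verified_context and preflight, and the constructed Py26LikeSsl stand-in for an old ssl module, are assumptions for illustration.

```python
import ssl
import sys


class TLSValidationUnavailable(RuntimeError):
    """Raised when the interpreter cannot build a validating SSL context."""


def can_validate_certificates(ssl_module=ssl):
    """Return True if ssl_module offers the SSL context API (absent in 2.6)."""
    needed = ("SSLContext", "create_default_context", "CERT_REQUIRED")
    return all(hasattr(ssl_module, name) for name in needed)


def build_verified_context(ssl_module=ssl, cafile=None):
    """Build a context that checks chain and host name, or fail closed."""
    if not can_validate_certificates(ssl_module):
        raise TLSValidationUnavailable(
            "Python %d.%d has no SSL context; the web service certificate "
            "would not be validated" % sys.version_info[:2])
    ctx = ssl_module.create_default_context(cafile=cafile)
    # create_default_context already enables both checks; set them explicitly
    # so a changed default cannot silently turn validation off.
    ctx.verify_mode = ssl_module.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


class Py26LikeSsl(object):
    """Constructed stand-in for an ssl module without the context API."""
    CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED = 0, 1, 2

    @staticmethod
    def wrap_socket(sock, **kwargs):
        return sock


def preflight(ssl_module=ssl):
    """Return a status line an installer could log before first contact."""
    try:
        build_verified_context(ssl_module)
    except TLSValidationUnavailable as exc:
        return "REFUSE: %s" % exc
    return "OK: server certificate will be validated"


if __name__ == "__main__":
    print(preflight())             # current interpreter
    print(preflight(Py26LikeSsl))  # simulated Python 2.6 ssl module
```

Running a check like this at install time turns a silently unvalidated connection into a visible failure on endpoints that still run Python 2.6.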
