A client asked me about this feature shortly after making this video, and I had a couple more notes I didn't mention in the video that I wanted to call out: - The password is randomized for each computer, a static password that's the same cannot be set - The password is a random, 29 character alpha-numeric string that cannot be customized in any way to be more readable - Once the password is retrieved, it MUST be cycled - The password must be changed by specific intervals (aka 90 days) and can't be done at specific times (like at the end of the year) so each computer not only has a unique password, but a unique password change interval. - All the settings for this a global, meaning you can't have different configurations for different computers. Every computer gets the same configuration. - Biggest of all, this account is not FileVault enabled, meaning you can't login to it on a FileVault enabled computer. Worst off, because of the way the password is cycled, it's basically impossible to setup a script that will make the account FileVault enabled. I'm not trying to push users away from this tool, there's a lot of organizations that this tool is perfect for, but when we're talking to Universities and School Districts that have specific needs for their backdoor admin account, this may not be the best solution.
