Platform compatibility

macOS, Windows, Linux, iOS / iPadOS, Android

How to set it up

Coming soon: the ability to facilitate privilege escalation (giving temporary administrator access). In the meantime, you can use tools like Privileges and MakeMeAdmin for these actions.

1. Define the admin username

Enter the username of the administrator account to create.

2. Set the account password

  • Random password — generated per device (recommended)
  • Fixed password — identical across all targeted devices

3. Optionally demote non-matching accounts

Enable Demote non-matching accounts to automatically reduce other users to standard access.

4. Save and apply

Save and apply to the relevant device group.

Modifying or removing the control

After activation, the username of the admin account to be created cannot be edited.
To update it, disable the policy then re-enable it with new settings. Disabling the policy stops enforcement but does not delete the administrator account or its password.

How it works

The control creates a local administrator account and stores the password in the Primo cockpit.

Removing administrator access: it is not currently possible to remove administrator rights from an account if it is the only one with a SecureToken on the device. SecureToken is a macOS-specific access key required to activate FileVault encryption. Primo is working to support SecureToken transfer to allow this.
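
A pre-flight audit for the "Demote non-matching accounts" option and the SecureToken limitation described above, as an added example (not Primo's code or agent logic). It reports which macOS admin accounts could be demoted and which one would be blocked as the sole SecureToken holder. The function names, verdict labels and the `MANAGED_ADMIN` variable are hypothetical, and it assumes local user accounts have a UID of 501 or higher.

```shell
# Added example, not Primo's code. Function names and verdict labels are
# hypothetical; MANAGED_ADMIN stands for the username entered in step 1.

# Reduce `dscl . -read /Groups/admin GroupMembership` output to the name list.
admin_members() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p'
}

# Map `sysadminctl -secureTokenStatus <user>` output to ENABLED or DISABLED.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*) echo ENABLED ;;
        *) echo DISABLED ;;
    esac
}

# classify MANAGED "MEMBERS" "TOKEN_HOLDERS": prints "user verdict" per admin.
classify() {
    managed=$1; members=$2; holders=$3
    set -- $holders                 # word-split: $# = number of token holders
    for u in $members; do
        if [ "$u" = root ]; then
            continue                # root is listed in the admin group; skip it
        elif [ "$u" = "$managed" ]; then
            echo "$u managed"
        elif [ "$#" -eq 1 ] && [ "$1" = "$u" ]; then
            echo "$u blocked-sole-securetoken"   # demotion cannot proceed
        else
            echo "$u demotable"
        fi
    done
}

# Collect live data on a Mac and classify every member of the admin group.
audit_device() {
    live_members=$(admin_members "$(dscl . -read /Groups/admin GroupMembership)")
    live_holders=""
    for acct in $(dscl . -list /Users UniqueID | awk '$2 >= 501 {print $1}'); do
        # sysadminctl reports the status on stderr
        if [ "$(token_state "$(sysadminctl -secureTokenStatus "$acct" 2>&1)")" = ENABLED ]; then
            live_holders="$live_holders $acct"
        fi
    done
    classify "$1" "$live_members" "$live_holders"
}

if [ "$(uname)" = Darwin ] && [ -n "${MANAGED_ADMIN:-}" ]; then
    audit_device "$MANAGED_ADMIN"
fi
```

Run it on a Mac with `MANAGED_ADMIN` set to the policy's username; on any other system the functions are only defined and nothing is queried.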