Technical professionals. Trusted advisors. Certified expertise.
It is not uncommon for Mac users to login with local user accounts, even in a directory environment. The question becomes, how do we enforce password policies on those local accounts? There are many schools of thought on this but here is how I did it recently with the combination of a configuration payload and a simple script.
1. Create a Configuration Profile with a Passcode payload.
2. Configure the settings you desire.
3. Scope appropriately
While this configures the settings, there is no option in the payload to enforce it. It will only enforce if a user decides to change his/her password or a new user is created. So you can add a simple script with the pwpolicy command.
Create a policy with a Script payload and a Restart Options payload. In the Restart Options payload, set the "User Logged In Action" to Restart and a delay of your choice. In your script, include the following:
#!/bin/bash
pwpolicy -u $3 -setpolicy "newPasswordRequired=1"
-A few notes:
Apple has officially deprecated the -setpolicy option but it still works perfectly in High Sierra (10.13.3 as of this writing).
The $3 in this script is a parameter specific to Jamf Pro. Because -setpolicy needs to know what user requires a new password, the $3 pulls username information from the computer. See the following Jamf Nation article for more: https://www.jamf.com/jamf-nation/articles/146/script-parameters
At the next login, the user will be prompted to create and verify a new password with the parmeters of your passcode configuration profile.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
80 Orville Drive Suite 100
Bohemia, NY 11716
Tel: (866) 518-9672
This email address is being protected from spambots. You need JavaScript enabled to view it.
65 High Ridge Road #510
Stamford, CT 06905
Tel: (866) 518-9672
This email address is being protected from spambots. You need JavaScript enabled to view it.
3321 SW 194th Terrace
Miramar, FL 33029
Tel: (866) 518-9672
This email address is being protected from spambots. You need JavaScript enabled to view it.
218 Barksdale Drive
Broussard LA 70518
This email address is being protected from spambots. You need JavaScript enabled to view it.
4 Knollwood Place
Joliet, IL 60433
This email address is being protected from spambots. You need JavaScript enabled to view it.
10 Grosvenor Court
Rayners Road
London SW15 2AX UK
© Copyright 2023, HCS Technology Group. All Rights Reserved.