Skip to main content
Question

Change local password on first log in

  • February 18, 2017
  • 4 replies
  • 57 views
tjgriffin
Forum|alt.badge.img+4

Hi,

We have about 700 macs at our school. We have a local admin account and a local student account (mobile account created via the AD binding). We have been requested to add a parent Admin account so parent can make slight changes to parental control settings.

I can see that I can deploy a local admin account via policies. But I would like for a parent to reset the password when they first log in. My plan would be to email the parents the password I set and tell them that they will need to create a new password when they sign in. But I don't want them to go through system preferences.

Any ideas??

Thanks,

    4 replies

    N
    Forum|alt.badge.img+13
    • Nix4Life
    • Honored Contributor
    • February 19, 2017

    Hi @iamgriffin

    If you are comfortable with the command line, you could put together a policy using 'pwpolicy' command. I have been using the following for staff Macbook Pros since December as part of a setup/first boot script .You are forcing a password expire and the user has to change it at next login

    pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1"
    tjgriffin
    Forum|alt.badge.img+4
    • tjgriffin
    • Author
    • Contributor
    • February 19, 2017

    @LSinNY Thanks, I'll test it out. But that sounds like exactly what I needed.

    S
    Forum|alt.badge.img+3
    • StarBlazer
    • New Contributor
    • November 13, 2017

    Hi,

    Newbie here, please excuse my lack of scripting knowledge.

    I too have the same need and when I ran the script from terminal I got the error below:

    Password for authenticator administer:
    Warning: unable to authenticate as <adminuser>
    Error: root privileges or authenticator required

    I tried it with sudo in front and without.

    burdett
    Forum|alt.badge.img+7
    • burdett
    • Valued Contributor
    • November 14, 2017

    try replacing admin user with your admin account. something like this;
    pwpolicy -a jhfc-adm -u usertoforcechange -setpolicy "newPasswordRequired=1"

    I'm assuming that jhfc-adm is your admin account

    Terms & ConditionsCookie settingsAccessibility statement