Question

Exclude user from Config Profile Password Policy

  • April 6, 2016
  • 7 replies
  • 65 views

Hi Everyone.

We are currently using local accounts on our Mac machines and enforcing a password policy via config profiles.

We have a problem as we also have a local admin user account on the machines and they are subject to the password policy too.

Is there any way to exclude the local admin account from the policy?

Thanks
Liam

7 replies

  • New Contributor
  • March 20, 2017

Hi Liam,

I have just run into the same issue at our company, where we want/need to exclude an administrative account on the Mac from the password policy. Did you happen to find a solution for your problem?

Thank you in advance,
Jens


daniel_ross
  • Jamf Heroes
  • May 4, 2017

We're running into a similar issue both with our localadmin account trying to run it and if the computer sits idle at the login screen through the root account. We only want it to run for a user account and not for any others. When I exclude it the policy won't run because it's been told to not run on any computers with "root" or "localadmin".


  • Contributor
  • May 16, 2017

Yes, I would like to exclude a particular hidden admin account from our restriction configuration profile. Is it possible?


  • Contributor
  • May 16, 2017

I looked into this a few years ago and was told that the only local user that you could scope "user level" configuration profiles to was the MDM capable user. My understanding at the time was that you could scope a profile to that user, but you couldn't use it as an exception (because this would be like scoping it to multiple users).

Like I said, this was a few years ago, I don't know if things have changed since then or not.


  • New Contributor
  • July 23, 2018

We have this same issue. Is there still no fix??


  • New Contributor
  • October 22, 2018

Same - any solution anyone is aware of?


  • New Contributor
  • April 30, 2021

Hi guys,
Any solution to use a Computer Level config profile and exclude some local users from this CP?

I've tested with User Level and it worked, but some machines have 2 or more local users (shared computer), so only 1 user at a time can be MDM Capable and consequently will receive the profile. When the first user logs off, for example, the second user can log in and needs to become MDM capable (using -userLevelMdm or enrolling again) to receive the config profile for Passcode. Is there any way to force 2 or more local users to be listed as MDM Capable Users? I think using User Level in this scenario is not the best approach.