Skip to main content
Question

Forcing a Password Reset

  • June 25, 2019
  • 5 replies
  • 30 views
Z
Forum|alt.badge.img+3
  • zake
  • New Contributor
  • 7 replies

Hello,

I want to enforce a password policy with existing computers. After creating the configuration profile. How do I go about forcing the user to reset their password to something that satisfies the password profile. Also taking into account that there is a hidden localadmin account on the machine and I do not want that account to be asked to change the password. Just the employees user account.

Any thoughts?

Thanks

    5 replies

    S
    Forum|alt.badge.img+8
    • seraphina
    • Valued Contributor
    • 97 replies
    • June 25, 2019

    There are a couple of ways to do this. In jamf $3 refers to current user, or you can get the current user from terminal commands or python.

    If the command is being run with sudo

    #!/bin/bash
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
pwpolicy -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"

    If the configuration profile is set, enforcing a certain password complexity, this will obey your profile.
    Without sudo you will need an "authenticator", so the password will be stored in plain text which is not ideal. This policy also does not prevent them from making the password the same, so make sure your configuration profile forces a level of complexity you would like them to have. You can also set a password expiration policy with pwpolicy as well. Check the man pages for more info 

    #!/bin/bash
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
pwpolicy -a adminUser -p adminPassword -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"

    T
    Forum|alt.badge.img
    • techtech
    • New Contributor
    • 1 reply
    • September 20, 2019

    Is it possible to force a password reset using jamf now?

    E
    Forum|alt.badge.img+1
    • edouard
    • New Contributor
    • 2 replies
    • December 16, 2021

    is there a solution for macOS 12 Monterey as this script has python in it?

    E
    Forum|alt.badge.img+1
    • edouard
    • New Contributor
    • 2 replies
    • January 26, 2022

    is there a solution for macOS 12 Monterey as this script has python in it?


    all of a sudden, the script works again.

    T
    Forum|alt.badge.img+21
    • tkimpton
    • Honored Contributor
    • 970 replies
    • September 22, 2022

    Does this also update filevault?


    Terms & ConditionsCookie settingsAccessibility statement