
I wanted to see what the options are for, for example, a user losing their login password and the admin side resetting it. I’m aware there is FileVault and giving a recovery key, but they mess up specific keychains and some other settings (Portnox). I’d like to see if there is a way an admin can assist without that option. I’m planning to do a writeup after suggestions here and have documentation steps for a user.

 

 

So it screws up the workflow if you just change the user's password in recovery after unlocking the drive? Do you have Jamf Connect or PSSO to initiate cloud sync to synchronize the local password and update the keychain?


There are really no other options. User Accounts typically have Secure Tokens which block any method of resetting a user password from CLI (which is what Jamf would use as Apple has no workflow for this in the MDM framework). If you have a second local account with a Secure Token like a local Admin account, that account can be used to reset the password in System Settings.
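
A check to run before anyone is locked out, following the last reply's point that only a second Secure Token account can reset the password. This is an added example, not code from the thread: it counts how many accounts other than the affected user hold a Secure Token. The function names, the UID >= 501 filter and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is there a second Secure Token account that could reset a password?

# Classify one status line from `sysadminctl -secureTokenStatus <user>`.
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# stdin: "<user><TAB><status line>" per account.
# Prints how many accounts other than $1 report an enabled Secure Token.
count_rescue_accounts() {
  locked_out="$1"
  n=0
  while IFS="$(printf '\t')" read -r user line; do
    if [ "$user" != "$locked_out" ] && [ "$(token_state "$line")" = ENABLED ]; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Live collection on a Mac. Assumption: human local accounts have UID >= 501.
# sysadminctl writes its status to stderr, hence 2>&1.
collect_status() {
  for user in $(dscl . -list /Users UniqueID | awk '$2 >= 501 {print $1}'); do
    printf '%s\t%s\n' "$user" "$(sysadminctl -secureTokenStatus "$user" 2>&1 | tail -n 1)"
  done
}

# Constructed sample, used when the script is not running on macOS.
SAMPLE="$(printf '%s\t%s\n' \
  jdoe   'Secure token is ENABLED for user jdoe' \
  ladmin 'Secure token is ENABLED for user ladmin' \
  svc    'Secure token is DISABLED for user svc')"

target="${1:-jdoe}"   # account whose password might need resetting
if command -v sysadminctl >/dev/null 2>&1; then
  collect_status
else
  printf '%s\n' "$SAMPLE"
fi | count_rescue_accounts "$target"
```

A result of 0 means no other local account could perform the reset in System Settings, leaving only the FileVault recovery key path.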