Question

Set local machine password policies?

  • August 16, 2013
  • 6 replies
  • 20 views


Has anyone set up JSS to deploy password policies to local machines? First the basic stuff like "Must have letters and numbers, must be X length", then (and I'm not sure if any of this is even remotely possible) secondarily more complicated policies like "can't use 'password' or username in password, can't use the same password more than once, must change the password every X days".

The trick is no OpenDirectory, AD or anything similar, just local accounts/local computer policy. I'm not seeing anything in Managed Preferences. I tried to search JAMF Nation and the only thing I came up with was https://jamfnation.jamfsoftware.com/viewProductFile.html?id=135&fid=368 which has zero explanation on where to stick it -- however it does indicate a potential command line option.

6 replies

dpertschi
  • Contributor
  • August 16, 2013

In Configuration Profiles is a Passcode section. I don't use it, but it looks like the normal password policy stuff you're looking for.


  • Contributor
  • August 16, 2013

Check what dpertschi said. There used to be the command line util pwpolicy, but that was killed off in Lion. If you only need to change the policy for specific, existing local users, you could use Workgroup Manager to edit the local directory. Obviously this would change files stored on the system somewhere, so you could try to figure out the changes using a utility like fseventer and then script to replicate.


  • Contributor
  • August 16, 2013

I think pwpolicy still works, at least it seems to on my machines.

whereis pwpolicy

I have a template script you can use to set local password policy within Casper by a bunch of the pwpolicy commands. Feel free to use if helpful:

https://github.com/clifhirtle/casper/blob/master/scripts/passwordPolicy.sh
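As an added example (not part of any post in this thread and not the linked passwordPolicy.sh), the sketch below maps the basic requirements from the question onto legacy `pwpolicy` global-policy keys for the local node and reads the policy back afterwards. The function names and the sample values 8, 5 and 90 are assumptions; run it as root on a test Mac first, since the thread reports that some policies are not honored on every OS X release.

```shell
#!/bin/sh
# Added example: function names and sample values are hypothetical.

# is_uint VALUE: succeeds only for a non-negative integer without leading zeros
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        0|[1-9]*)    return 0 ;;
        *)           return 1 ;;
    esac
}

# build_global_policy MIN_LEN HISTORY MAX_AGE_DAYS
# Prints a legacy pwpolicy global-policy string; returns 1 on bad input.
build_global_policy() {
    min_len=$1; history=$2; max_days=$3
    for v in "$min_len" "$history" "$max_days"; do
        is_uint "$v" || { echo "not a valid number: '$v'" >&2; return 1; }
    done
    [ "$min_len" -ge 1 ] || { echo "minimum length must be >= 1" >&2; return 1; }
    # The legacy usingHistory key only accepts 0-15 remembered passwords.
    [ "$history" -le 15 ] || { echo "history must be 0-15" >&2; return 1; }
    # pwpolicy expresses the maximum password age in minutes, not days.
    max_minutes=$((max_days * 1440))
    printf '%s' "minChars=$min_len requiresAlpha=1 requiresNumeric=1" \
        " passwordCannotBeName=1 usingHistory=$history" \
        " maxMinutesUntilChangePassword=$max_minutes"
}

# apply_global_policy MIN_LEN HISTORY MAX_AGE_DAYS
# Sets the policy on the local node, then prints what the system reports.
apply_global_policy() {
    policy=$(build_global_policy "$@") || return 1
    if ! command -v pwpolicy >/dev/null 2>&1; then
        echo "pwpolicy not found; would have applied: $policy" >&2
        return 2
    fi
    pwpolicy -n /Local/Default -setglobalpolicy "$policy" || return 3
    # Read the policy back instead of trusting the exit status alone.
    pwpolicy -n /Local/Default -getglobalpolicy
}

# Constructed sample values: 8 characters, 5 remembered passwords, 90 days.
if [ "${1:-}" = "--apply" ]; then
    apply_global_policy 8 5 90
fi
```

Comparing the `-getglobalpolicy` output with the string that was set, and then testing a real password change as a local user, shows whether the release in use actually enforces each key.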


  • Contributor
  • August 16, 2013

Clif,

I was a bit vague in my earlier comments--sorry. I haven't touched this since last year, when I was trying to prevent a local user from changing their password in 10.7 (.4 I believe). My finding was that while the binary was there, it had no effect. I brought it up on the MacEnterprise mailing list and one other person said they were seeing the same. I haven't tried it since then, but from your script it appears like it is now apparently working again, so that's great!

Thanks,
Eric


  • Contributor
  • August 16, 2013

OK, another follow-up. Did some more testing and it looks like global policies work and some user policies as well. However, the canModifyPasswordforSelf policy still is not honored, as I had found before. Bummer.


  • Honored Contributor
  • August 19, 2013

We are investigating local password too. My 1st plan was to use Profiles; however, there are issues with X.8 and the password settings. Apple recommend pw, and there are usability issues with that. : )

We are waiting for X.9. I heard somewhere that X.9 is going to match the iOS with Profiles support : )

C