I've used the script found here: https://github.com/HiveMindAutomation/PasswordChecker previously in an AD-bound environment and it worked WONDERFULLY! I am now in an environment where the Macs are not bound to AD, but they do use JamfConnect to handle passwords. I am trying to get the aforementioned script to work with JamfConnect. I have modified it quite a bit to fit my needs, and all works as designed EXCEPT for the "Change Now" button. It does launch System Preferences as it was originally designed, but I'd like for it to use the Jamf Connect mechanism to handle the password change. My questions are 1) is JamfConnect scriptable at all? and 2) if so, how would I make that Change Now button use JamfConnect instead of System Preferences? Here's the script in its current form:
#!/bin/bash
# Modified from original script found at https://github.com/HiveMindAutomation/PasswordChecker
# The primary modifications are to make the script work in JamfConnect setups where
# the Macs are not bound to AD.
###################### Get current user ########################
CurrentUser=`ls -l /dev/console | cut -d " " -f4`
IDNum=`id -u $CurrentUser`
#Gracefully exit if User is not itsupport
if [[ $CurrentUser = "macadmin" ]]; then
echo "The macadmin account does not expire. Exiting."
exit 0
fi
############# Password Policy and Domain Settings ##############
#set Password Policy
PWPolicy=90
#set Password Notification period
PWNotify=14
###################### Get Password Expiry ########################
################## AVOID MODIFYING THIS SECTION ###################
pwlastset=`defaults read /Users/$CurrentUser/Library/Preferences/com.jamf.connect.state.plist UserPasswordSet`
echo "Password last set = $pwlastset"
#get today's date in Unix time
todayUnix=`echo $(($(date -u +%s)/86400))`
echo "today's unix date = $todayUnix"
#Convert Last Password Change date into Unix Time
lastPWDUnix=$((`echo $(($(date -j -f "%Y-%m-%d %H:%M:%S" "$pwlastset" +%s)/86400))`))
echo "Unix time = $lastPWDUnix"
#Calculate Difference between Today's Date and Last Changed Date
diffUnix=$((todayUnix - lastPWDUnix))
echo "days since PW change = $diffUnix"
#calculate Number of days until password Expiry
expireDays=$((PWPolicy - diffUnix ))
echo $expireDays
##############################################################
###################### User Interface ########################
############## Modify this section as needed #################
#Path on local machine where the logo is stored
logoPath="/Library/Company/Company_icon.png"
#Title of the Window
windowTitle="Company End User Computing"
#Heading of the Window
windowHeading="Your Password is due to expire in $expireDays Days"
#Text to display in the Window
windowText="Your password is due to expire in $expireDays Days. Please Change your password now to avoid account access problems. If you aren't sure how to change your password, please contact the Service Desk for assistance."
#If user Ignores initial Prompt, they will get a second prompt asking to confirm they wish to ignore it
#Heading of the "Confirmation" Window
sureHeading="Are you sure?"
#Text of the "Confirmation" Window
sureText="You have chosen to Ignore this warning. You will continue to be prompted until your password is changed."
#Label for "Cancel" Button
Button1Label="Ignore"
#Label for "Password Change" Button
Button2Label="Change Now"
#Default Button. 0 is "Ignore", 2 is "Change Now"
DefaultButton=0
ADErrorHeading="Something went wrong with Active Directory"
ADErrorText="IT Services have detected a configuration problem on your computer.
Please contact IT Services ASAP to arrange a fix for this issue
[for IT Services: Check AD Bind $Domain]"
ADErrorButton="Oh no!"
##############################################################
##############################################################
#Avoid Modifying the script below this line
##############################################################
#Bomb out if AD Bind is busted
if [[ $pwlastset == "" ]]; then
windowHeading=$ADErrorHeading
windowText=$ADErrorText
Button1Label=$ADErrorButton
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "$windowTitle" -heading "$windowHeading" -alignHeading center -description "$windowText" -alignDescription center -icon "$logoPath" -button1 "$Button1Label" -defaultButton $DefaultButton -cancelButton 0 -lockHUD
exit 1
fi
#Determine if Days until Expiry is less than the Notification period
if [[ $expireDays -le $PWNotify ]]; then
#Prompt User that their password is due to expire soon
RESULT=`"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "$windowTitle" -heading "$windowHeading" -alignHeading center -description "$windowText" -alignDescription center -icon "$logoPath" -button1 "$Button1Label" -button2 "$Button2Label" -defaultButton $DefaultButton -cancelButton 0 -lockHUD`
fi
#Take result from prompt to update password and determine next action. Result 0 is "Ignore" and Result 2 is "Change Now"
if [[ $RESULT = 0 ]]; then
#On Ignore, provide user an opportunity to change their mind
windowHeading=$sureHeading
windowText=$sureText
RESULT2=`"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "$windowTitle" -heading "$windowHeading" -alignHeading center -description "$windowText" -alignDescription center -icon "$logoPath" -button1 "$Button1Label" -button2 "$Button2Label" -defaultButton $DefaultButton -cancelButton 0 -lockHUD`
elif [[ $RESULT = 2 ]]; then
#open System Preferences -> Accounts preference pane
sudo -u $CurrentUser open /System/Library/PreferencePanes/Accounts.prefPane
fi
#Determine Action for Second Prompt.
if [[ $RESULT2 = 2 ]]; then
#open System Preferences -> Accounts preference pane
sudo -u $CurrentUser open /System/Library/PreferencePanes/Accounts.prefPane
#elif [[ $RESULT2 = 0 ]]; then
#If user ignores a second time
#TODO - Log ignored prompts somewhere for records.
fi
exit 0
Do a search for "change now" to find the relevant sections I'm stuck on.