Posted on 08-24-2017 10:41 AM
Hey guys,
We just lost our Mac admin, and I've been trying to fill the role as best I can. Right now, we have a Configuration Profile pushing down a Passcode payload. The accounts lock out after 4 bad attempts, but do not automatically unlock after a certain amount of time. We used to have this all set up through a script rather than a Configuration Profile. Is there any way to set it so that it auto-unlocks after 30 minutes or so? Most of my search results are dealing with Active Directory, but our Macs are not domain joined.
Posted on 08-24-2017 11:33 AM
Can you find the script you used anywhere?
Under the Passcode Configuration Profile I see an option to "Delay after failed login attempts (Not compatible with macOS v10.11 or later)", but that would only work with Yosemite or earlier. You could possibly increase the maximum number of attempts too.
Posted on 08-24-2017 11:42 AM
I do still have the old script. I'm hesitant to use it because I know that there were a lot of issues with people getting locked out even though they didn't enter their password incorrectly. I believe there were some bugs in OS X that complicated this. We are on Sierra now.
Posted on 08-24-2017 01:03 PM
Here is the thread with the "new" Apple pwpolicy using XML. However, like you said, there are bugs.
https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines
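
For reference, an added example that is not part of any post in this thread: a shell function that writes a pwpolicy account-policy plist for the behaviour asked about above (lock after 4 failed attempts, unlock automatically after 30 minutes). The function name and output path are assumptions made for this example; the policy keys are those of pwpolicy's XML account-policy format.

```shell
#!/bin/sh
# Added example. write_lockout_policy is a hypothetical helper name.
# Usage: write_lockout_policy MAX_FAILED UNLOCK_SECONDS OUTFILE
write_lockout_policy() {
  # Reject empty or non-numeric values so a bad argument never yields a broken policy.
  for n in "$1" "$2"; do
    case "$n" in
      ''|*[!0-9]*) echo "expected a non-negative integer, got: '$n'" >&2; return 1 ;;
    esac
  done
  # The account stays usable while the failure count is under the maximum,
  # OR once autoEnableInSeconds have passed since the last failed attempt.
  cat > "$3" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>policyCategoryAuthentication</key>
  <array>
    <dict>
      <key>policyContent</key>
      <string>(policyAttributeFailedAuthentications &lt; policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime &gt; (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds))</string>
      <key>policyIdentifier</key>
      <string>Authentication Lockout</string>
      <key>policyParameters</key>
      <dict>
        <key>autoEnableInSeconds</key>
        <integer>$2</integer>
        <key>policyAttributeMaximumFailedAuthentications</key>
        <integer>$1</integer>
      </dict>
    </dict>
  </array>
</dict>
</plist>
EOF
}

# Values from the question: 4 attempts, 30 minutes = 1800 seconds.
#   write_lockout_policy 4 1800 /tmp/lockout.plist
# Then, on the Mac as root (not run by this script):
#   pwpolicy -setaccountpolicies /tmp/lockout.plist
#   pwpolicy -getaccountpolicies    # confirm what was stored
```

A Passcode payload in a Configuration Profile and a pwpolicy account policy both act on the same local accounts, so test the combination on one machine before deploying it widely.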