+17I wonder anyone had to do this? Due to company policy we need to reset local admin pw every few months (pain) or workaround; add the hostname at the end of the local admin pw (this way every mac will have unique ladmin pw). Any scripting gods out there to tell me this is doable or can Casper do this?
Example;
Hostname: mac12345
Local admin (short name: ladmin) pw: password
After script or Casper trick (perhaps after reboot) local admin pw: passwordmac12345
Thanks in advance.
Cem
+24Why not just have Casper spin your passwords for you. When you actually
need to know a password, you can then spin it to something known.
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
+31Well,
I agree with Jared on this one, but if you need to add the host name, you can do it these ways. Do note that if you use the command `hostname` it will include the .local in it, so I am going to use a different method to get the computer name.
as root run:
dscl . passwd /Users/localadmin passwordnetworksetup -getcomputername
from casper
/usr/sbin/jamf resetPassword -username ladmin -password passwordnetworksetup -getcomputername
Some caveats to be aware of, as I have had to do mass admin password changes before this will not change any passwords in that user's keychain. In fact, in my opinion, if you are going to do mass password changes, go ahead and just delete the keychain along with it.
-Tom
+17Casper only spins it's own management account pw. Which I can adapt and delete the admin account, which we use it for ARD.
2 things concerns me here:
If password spinning how ARD going to work?
Since I have upgraded to v7.31 my configuration management account in Casper Admin stopped working!! If I choose instadmg image without account embedded, I am expecting account will be created as I have chosen that option ... But it doesn't! So I have tried to run quick add pkg at the imaging time but that doesn't create an account either (but works after imaging).
Am I missing something here??
Sent from my iPhone
+17I have tried the first option at the imaging point but didn't work. I was using instadmg create account package and if I use the command as script at reboot, it just breaks the pw and I can't login to Mac. Does this command only works after login to Account first and at second reboot? If yes, how can I trigger the script at second reboot?
#!/bin/bash
sudo dscl . passwd /Users/localadmin passwordnetworksetup -getcomputername
Cem
Sent from my iPhone
+17Well I now learnt, if you work offline with Casper Admin it doesn't work properly that is why I had issues. Everything works as it should be if you work online.
Still though spinning a password through JSS policy will only help for managed clients. In our environment we have some Macs that Casper is not managing them (jamf framework removed SAN's & Servers etc..), so we need ARD enabled admin account. I will try Tom's method on those ones....
Sent from my iPad
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
