Posted on 04-23-2015 06:36 AM
Hi Guys,
I have started trying to use ADPassMon in my environment; it would solve a lot of the issues I am having with AD password resetting and Kerberos tickets all in one go (plus of course KEYCHAIN!). However, I am trying to use the forked V2. I have managed to configure the app as required with the password requirements and user notifications etc., but my script will not run as it is returning the error error -10810.36:121: execution error: which I believe means it needs to run as the user. However, in testing, when I ran it as an admin it worked for the user. Does anyone have an idea of how I can deploy this, or if maybe I am just going about this the wrong way? This is what I want to configure:
defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
defaults write org.pmbuko.ADPassMon enableNotifications true
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
defaults write org.pmbuko.ADPassMon pwPolicyButton "Understood"
defaults write org.pmbuko.ADPassMon prefsLocked true
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
Posted on 04-23-2015 06:37 AM
Reposting script as it took out all the hashes etc for stuff that is commented out:
defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
defaults write org.pmbuko.ADPassMon enableNotifications true
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
defaults write org.pmbuko.ADPassMon pwPolicyButton "Understood"
defaults write org.pmbuko.ADPassMon prefsLocked true
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
Posted on 04-23-2015 06:38 AM
#!/bin/sh
defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
defaults write org.pmbuko.ADPassMon enableNotifications true
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
defaults write org.pmbuko.ADPassMon pwPolicyButton "Understood"
defaults write org.pmbuko.ADPassMon prefsLocked true
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
Posted on 04-23-2015 06:39 AM
#!/bin/sh
##### Deploy preferences to app for:
##### Enable version 2 behaviour
##### Enable Notifications for expiry
##### User notification of password requirements and acknowledgement
##### Lock the preferences from user
defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
defaults write org.pmbuko.ADPassMon enableNotifications true
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
defaults write org.pmbuko.ADPassMon pwPolicyButton "Understood"
defaults write org.pmbuko.ADPassMon prefsLocked true
##### Restart the app to apply the changes
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
##### Add the App to the users login items
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
Posted on 04-23-2015 06:39 AM
3rd time lucky.....
Posted on 04-23-2015 06:44 AM
I don't know about a script but here are the settings I have documented (I believe these are all of the settings) as of v2.0.9:
ADPassMon Behavior: Version 2
<key>isBehaviour2Enabled</key>
<integer>1</integer>
<key>selectedBehaviour</key>
<integer>2</integer>
Method of obtaining maximum password age: Auto
<key>selectedMethod</key>
<integer>0</integer>
Test this key as it may not be necessary if selectedMethod is set to Auto
<key>expireAge</key>
<integer>0</integer>
Check "Use Notifications"
<key>enableNotifications</key>
<true/>
"Add To Login Items"
No key exists. This can be accomplished via a LaunchAgent.
"Perform Keychain Lock check at launch?"
<key>enableKeychainLockCheck</key>
<true/>
How many days before your password expires do you want to be warned? 21
<key>warningDays</key>
<integer>21</integer>
Check "Allow password change?"
<key>allowPasswordChange</key>
<true/>
Password Expiration Check Interval: 12 hrs
<key>passwordCheckInterval</key>
<integer>12</integer>
Policy Requirement message:
defaults write org.pmbuko.ADPassMon pwPolicy "ENTER YOUR MESSAGE HERE."
Lock preferences:
defaults write org.pmbuko.ADPassMon prefsLocked true
And my plist (which I've converted to a config profile) looks like so "org.pmbuko.ADPassMon.plist":
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allowPasswordChange</key>
    <true/>
    <key>enableKeychainLockCheck</key>
    <true/>
    <key>enableNotifications</key>
    <true/>
    <key>isBehaviour2Enabled</key>
    <integer>1</integer>
    <key>passwordCheckInterval</key>
    <integer>12</integer>
    <key>prefsLocked</key>
    <true/>
    <key>pwPolicy</key>
    <string>ENTER YOUR MESSAGE HERE.</string>
    <key>selectedBehaviour</key>
    <integer>2</integer>
    <key>selectedMethod</key>
    <integer>0</integer>
    <key>warningDays</key>
    <integer>21</integer>
</dict>
</plist>
Hope that helps. And just paging @bentoms as he may be able to provide some pointers too.
Posted on 04-23-2015 06:45 AM
How are you running the script out of curiosity? If it's running as root then I don't believe the settings are being copied to the user's preferences which may be the cause of your problem....
Posted on 04-23-2015 06:55 AM
Hi bpavlov, thanks, I uploaded the script to the JSS and tried to push it to a smart computer group that has the ADPassMon app already installed.
When you are deploying the above .plist I take it you have it running as a .dmg for FUT and FEU?
Posted on 04-23-2015 06:59 AM
I converted that plist into a profile using MCXtoProfile: https://github.com/timsutton/mcxToProfile
Then you can apply that configuration profile to whatever computer you want via Casper.
Posted on 04-23-2015 08:32 AM
Thanks! I am trying that now to see how it works; had to get my head around how the MCX creator worked.
Posted on 04-23-2015 08:52 AM
I have tried it but it seems the app is still staying on version 2, the prefs are still unlocked, the pwPolicy is working though....
Posted on 04-23-2015 09:28 AM
Here is the script I came up with that writes our ADPassMon preference file and writes a launch agent to handle automatically launching ADPassMon. I just run this at login for all of our staff.
Test this out as I tweaked it a bit to remove some things specific to my environment.
#!/bin/bash
# $3 is the username that Casper passes to the script

#Check for ADPassMon.app and exit if not found
if [ ! -d /Applications/ADPassMon.app ]; then
    echo "ADPassMon not found"
    exit 0
fi

#Check for existing launch agent
if [ -f "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist" ]; then
    echo "LaunchAgent for ADPassMon already exists. Removing..."
    rm "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist"
fi

#Write out a LaunchAgent to launch ADPassMon on login
defaults write "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist" Label AD.ADPassMon
defaults write "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist" ProgramArguments -array
defaults write "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist" RunAtLoad -bool YES
/usr/libexec/PlistBuddy -c "Add ProgramArguments: string /Applications/ADPassMon.app/Contents/MacOS/ADPassMon" "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist"
chown -R "$3" "/Users/$3/Library/LaunchAgents"
chmod 644 "/Users/$3/Library/LaunchAgents/AD.ADPassMon.plist"
echo "Created LaunchAgent to launch ADPassMon on login"

#Check for org.pmbuko.ADPassMon.plist and exit if found
if [ -f "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist" ]; then
    echo "org.pmbuko.ADPassMon.plist exists"
    exit 0
else
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" enableNotifications -bool true
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" expireAge -int 365
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" selectedMethod -int 1
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" warningDays -int 14
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" pwPolicy "Your password needs to be at least 12 characters long and cannot be a password you've used previously."
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" selectedBehaviour -int 2
    defaults write "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon" prefsLocked -bool true
    chown "$3" "/Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist"
    echo "Created /Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist"
fi
Posted on 04-24-2015 02:43 AM
Thanks Guys, much appreciated. What I did in the end was log in as a user, configure ADPassMon and then use the exact .plist to create the config profile; that is now working perfectly. @cbrewer thanks very much for the script, I will use the config for now but I do prefer the scripting way of doing this type of thing, and thanks to bpavlov for the Tim Sutton website, works a treat!
Posted on 04-24-2015 07:20 AM
Hi All,
FWIW.. once I finish with the next release of AutoCasperNBI I'm going to give ADPassMon some love.
The forks will be merged, I also want to have an option to create a PKG from within the app of itself with a LaunchAgent as well as generate a profile for the settings.
That should resolve most of these issues I hope!
Any other ideas, please post here
Posted on 04-24-2015 07:29 AM
<----- insert praising hands emoticon here :)
Posted on 08-16-2016 06:08 PM
Hi @cbrewer,
Sorry for bringing up an old thread,
Just wondering why in your script the LaunchAgent is being re-created every time the user logs in?
Can't I just put the ADPassMon LaunchAgent in /Library/LaunchAgents so it starts irrespective of who logs in?
Thanks
#!/bin/sh
#Check for existing launch agent
if [ -f /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist ]; then
    echo "LaunchAgent for ADPassMon already exists. Removing..."
    rm /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist
fi
Posted on 08-20-2016 02:31 PM
@khey It certainly can be in /Library/LaunchAgents/ & I'm sure @cbrewer does this now.. (this is an old thread)..
FWIW, the ADPassMon Wiki now has some example LaunchAgents
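An added example, not taken from the ADPassMon Wiki or from any poster here: Python that writes the same LaunchAgent the script above builds (Label AD.ADPassMon, RunAtLoad, the ADPassMon binary) into a directory of your choice, then audits the file's owner, write permissions and program path. For a system-wide agent in /Library/LaunchAgents the expected owner is root (uid 0); the function names are hypothetical.

```python
import os
import plistlib
import stat

AGENT_NAME = "AD.ADPassMon.plist"  # file name used by the script in this thread
APP_BINARY = "/Applications/ADPassMon.app/Contents/MacOS/ADPassMon"


def write_agent(directory):
    """Write the LaunchAgent into `directory` with mode 644; return its path."""
    agent = {
        "Label": "AD.ADPassMon",
        "ProgramArguments": [APP_BINARY],
        "RunAtLoad": True,
    }
    path = os.path.join(directory, AGENT_NAME)
    with open(path, "wb") as fh:
        plistlib.dump(agent, fh)
    os.chmod(path, 0o644)
    return path


def audit_agent(path, expected_uid=0):
    """Return a list of problems that make the agent unsafe to load."""
    problems = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        problems.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # Anyone who can write the plist can change what runs at every login.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    with open(path, "rb") as fh:
        agent = plistlib.load(fh)
    program = (agent.get("ProgramArguments") or [None])[0]
    if program != APP_BINARY:
        problems.append(f"unexpected program: {program!r}")
    return problems
```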
Posted on 09-28-2016 10:41 AM
Implemented this today using ADPassMon and KerbMinder using information from this thread.
Didn't see this documented anywhere but for those using KerbMinder and plist you can add the following to automatically enable KerbMinder.
defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon enableKerbMinder -bool true