I have started trying to use ADPassMon in my environment. It would solve a lot of the issues I am having with AD password resetting and Kerberos tickets all in one go (plus of course KEYCHAIN!). However, I am trying to use the forked V2. I have managed to configure the app as required with the password requirements and user notifications etc., but my script will not run as it is returning the error error -10810.36:121: execution error: which I believe means it needs to run as the user. However, in testing, when I ran it as an admin it worked for the user. Does anyone have an idea of how I can deploy this, or if maybe I am just going about this the wrong way? This is what I want to configure:
Deploy preferences to app for:
Enable version 2 behaviour
Enable Notifications for expiry
User notification of password requirements and acknowledgement
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
Add the App to the users login items
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
Best answer by bpavlov
I don't know about a script but here are the settings I have documented (I believe these are all of the settings) as of v2.0.9:
ADPassMon Behavior: Version 2
<key>isBehaviour2Enabled</key><integer>1</integer><key>selectedBehaviour</key><integer>2</integer>
Method of obtaining maximum password age: Auto
<key>selectedMethod</key><integer>0</integer>
Test this key, as it may not be necessary if selectedMethod is set to Auto
<key>expireAge</key><integer>0</integer>
Check "Use Notifications"
<key>enableNotifications</key><true/>
"Add To Login Items"
No key exists. This can be accomplished via a LaunchAgent.
"Perform Keychain Lock check at launch?"
<key>enableKeychainLockCheck</key><true/>
How many days before your password expires do you want to be warned? 21
<key>warningDays</key><integer>21</integer>
Check "Allow password change?"
<key>allowPasswordChange</key><true/>
Password Expiration Check Interval: 12 hrs
<key>passwordCheckInterval</key><integer>12</integer>
Policy Requirement message:
defaults write org.pmbuko.ADPassMon pwPolicy "ENTER YOUR MESSAGE HERE."
Lock preferences:
defaults write org.pmbuko.ADPassMon prefsLocked true
And my plist (which I've converted to a config profile) looks like so "org.pmbuko.ADPassMon.plist":
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allowPasswordChange</key>
    <true/>
    <key>enableKeychainLockCheck</key>
    <true/>
    <key>enableNotifications</key>
    <true/>
    <key>isBehaviour2Enabled</key>
    <integer>1</integer>
    <key>passwordCheckInterval</key>
    <integer>12</integer>
    <key>prefsLocked</key>
    <true/>
    <key>pwPolicy</key>
    <string>ENTER YOUR MESSAGE HERE.</string>
    <key>selectedBehaviour</key>
    <integer>2</integer>
    <key>selectedMethod</key>
    <integer>0</integer>
    <key>warningDays</key>
    <integer>21</integer>
</dict>
</plist>
Hope that helps. And just paging @bentoms as he may be able to provide some pointers too.
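The plist-to-profile step mentioned in the answer above, as an added example that is not part of the thread: it wraps the listed keys in a custom-settings payload (`com.apple.ManagedClient.preferences`, "Forced" layout) so they are applied as managed preferences rather than written to each user's own plist. The `com.example` identifier prefix, the display names and the output file name are placeholders.

```python
import plistlib
import uuid

DOMAIN = "org.pmbuko.ADPassMon"

# Keys and values as listed in the answer above (v2.0.9).
SETTINGS = {
    "allowPasswordChange": True,
    "enableKeychainLockCheck": True,
    "enableNotifications": True,
    "isBehaviour2Enabled": 1,
    "passwordCheckInterval": 12,
    "prefsLocked": True,
    "pwPolicy": "ENTER YOUR MESSAGE HERE.",
    "selectedBehaviour": 2,
    "selectedMethod": 0,
    "warningDays": 21,
}

def build_profile(settings, org_prefix="com.example"):
    """Return .mobileconfig bytes; org_prefix is a placeholder (assumption)."""
    # Accept only the value types the answer's plist uses. plistlib writes
    # bool as <true/>/<false/> and int as <integer>, matching the keys above.
    for key, value in settings.items():
        if not isinstance(value, (bool, int, str)):
            raise TypeError(f"unsupported value type for {key!r}")
    payload = {
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.adpassmon.settings",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "ADPassMon settings",
        "PayloadContent": {
            DOMAIN: {"Forced": [{"mcx_preference_settings": dict(settings)}]}
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.adpassmon",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "ADPassMon",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

if __name__ == "__main__":
    with open("ADPassMon.mobileconfig", "wb") as fh:
        fh.write(build_profile(SETTINGS))
```

Each call generates fresh payload UUIDs, so build the profile once and keep the file if it is to be updated in place later.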
#!/bin/sh
##### Deploy preferences to app for:
##### Enable version 2 behaviour
##### Enable Notifications for expiry
##### User notification of password requirements and acknowledgement
##### Lock the preferences from user
defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
defaults write org.pmbuko.ADPassMon enableNotifications true
defaults write org.pmbuko.ADPassMon pwPolicy "Please ensure your password is a minimum of 8 characters including at least 1 upper case, 1 lower case & 1 number or symbol"
defaults write org.pmbuko.ADPassMon pwPolicyButton "Understood"
defaults write org.pmbuko.ADPassMon prefsLocked true
##### Restart the app to apply the changes
osascript -e 'tell application "ADPassMon" to quit'
open -a ADPassMon
##### Add the App to the users login items
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/ADPassMon", hidden:false}'
How are you running the script out of curiosity? If it's running as root then I don't believe the settings are being copied to the user's preferences which may be the cause of your problem....
Here is the script I came up with that writes our ADPassMon preference file and writes a launch agent to handle automatically launching ADPassMon. I just run this at login for all of our staff.
Test this out as I tweaked it a bit to remove some things specific to my environment.
#!/bin/bash
#Check for ADPassMon.app and exit if not found
if [ ! -d /Applications/ADPassMon.app ]; then
    echo "ADPassMon not found"
    exit 0
fi

#Check for existing launch agent
if [ -f /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist ]; then
    echo "LaunchAgent for ADPassMon already exists. Removing..."
    rm /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist
fi

#Write out a LaunchAgent to launch ADPassMon on login
defaults write /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist Label AD.ADPassMon
defaults write /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist ProgramArguments -array
defaults write /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist RunAtLoad -bool YES
/usr/libexec/PlistBuddy -c "Add ProgramArguments: string /Applications/ADPassMon.app/Contents/MacOS/ADPassMon" /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist
chown -R $3 /Users/$3/Library/LaunchAgents
chmod 644 /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist
echo "Created LaunchAgent to launch ADPassMon on login"

#Check for org.pmbuko.ADPassMon.plist and exit if found
if [ -f /Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist ]; then
    echo "org.pmbuko.ADPassMon.plist exists"
    exit 0
else
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon enableNotifications -bool true
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon expireAge -int 365
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon selectedMethod -int 1
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon warningDays -int 14
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon pwPolicy "Your password needs to be at least 12 characters long and cannot be a password you've used previously."
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon selectedBehaviour -int 2
    defaults write /Users/$3/Library/Preferences/org.pmbuko.ADPassMon prefsLocked -bool true
    chown $3 /Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist
    echo "Created /Users/$3/Library/Preferences/org.pmbuko.ADPassMon.plist"
fi
Thanks guys, much appreciated. What I did in the end was log in as a user, configure ADPassMon and then use the exact .plist to create the config profile; that is now working perfectly. @cbrewer thanks very much for the script. I will use the config for now, but I do prefer the scripting way of doing this type of thing. And thanks to bpavlov for the Tim Sutton website, works a treat!
FWIW.. once I finish with the next release of AutoCasperNBI I'm going to give ADPassMon some love.
The forks will be merged, I also want to have an option to create a PKG from within the app of itself with a LaunchAgent as well as generate a profile for the settings.
Just wondering why in your script the LaunchAgent is being re-created every time the user logs in?
Can't I just put the ADPassMon LaunchAgent in /Library/LaunchAgents so it starts irrespective of who logs in?
Thanks
#!/bin/sh
#Check for existing launch agent
if [ -f /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist ]; then
    echo "LaunchAgent for ADPassMon already exists. Removing..."
    rm /Users/$3/Library/LaunchAgents/AD.ADPassMon.plist
fi