ADPassMon Step by Step

billystanton
New Contributor II

Hi All,

Is there a Step by Step guide to ADPassMon?

It seems a little complex to set up, though looks like something we could benefit from here.

We have a problem in that people do not reset their passwords until after they've expired. They then get keychain errors because IT have to reset it manually.

They also cannot reset passwords offsite as they have no access to the DC.

Thanks

Bill


bwiessner
Contributor II

@billystanton

Shoot me an email - bwiessner@me.com. I have a few pointers.

bentoms
Release Candidate Programs Tester

@billystanton I added a deployment section to the wiki a couple of weeks ago, it's here.

Does it help at all?

@bwiessner Can you have a look too & possibly file a PR with some recommendations?

billystanton
New Contributor II

Hi,

thanks both!

I think I am struggling with the LaunchDaemon part..

I want persistent to run, but not sure how to get this onto the user's machine?

Thanks

Bill

billystanton
New Contributor II

Actually also struggling with setting the settings ourselves as an IT department, and then stopping the user from amending them?

bentoms
Release Candidate Programs Tester

@billystanton

  1. You'll want to make a plist with something like this. (Changing the path if the app is not in /Applications/)
  2. Copy that into a blank TextWrangler document & save as org.pmbuko.ADPassMon.plist.
  3. Save it to /Library/LaunchAgents/
  4. Set the owner to root (sudo chown root /Library/LaunchAgents/org.pmbuko.ADPassMon.plist)
  5. Set the mode to 644 (sudo chmod 644 /Library/LaunchAgents/org.pmbuko.ADPassMon.plist)
  6. Test, log out then back in as a Mac & ADPassMon should launch & not be able to be quit.
  7. Once verified working, package in Composer as a DMG/PKG & deploy with ADPassMon.app
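
An added example, not part of the post above and not the plist it links to: Python code that builds a LaunchAgent job of the kind the steps describe and audits the saved file for the ownership and mode set in steps 4 and 5. The executable path inside the app bundle and the `RunAtLoad`/`KeepAlive` keys are assumptions, since the linked plist is not reproduced on this page.

```python
import os
import plistlib
import stat

LABEL = "org.pmbuko.ADPassMon"  # taken from the filename given in step 2


def build_agent(app_dir="/Applications"):
    """Return a launchd job dict. The path inside the bundle is an assumption."""
    return {
        "Label": LABEL,
        "ProgramArguments": [f"{app_dir}/ADPassMon.app/Contents/MacOS/ADPassMon"],
        "RunAtLoad": True,  # start when the user logs in
        "KeepAlive": True,  # launchd relaunches the app if it is quit
    }


def write_agent(path, app_dir="/Applications"):
    """Write the plist with mode 644 (step 5). chown to root still needs sudo."""
    with open(path, "wb") as fh:
        plistlib.dump(build_agent(app_dir), fh)
    os.chmod(path, 0o644)


def audit_agent(path, expected_uid=0):
    """Return a list of problems found with a LaunchAgent plist on disk."""
    problems = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        problems.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # A plist in /Library/LaunchAgents applies to every user's session, so
    # nobody but the owner should be able to rewrite what it launches.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/world-writable")
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # plistlib raises several types for malformed input
        return problems + ["not a valid plist"]
    if not isinstance(job, dict):
        return problems + ["not a valid plist"]
    # Convention, not a launchd requirement: Label equals filename minus .plist
    if job.get("Label") != os.path.basename(path)[: -len(".plist")]:
        problems.append("Label does not match filename")
    if not job.get("ProgramArguments") and not job.get("Program"):
        problems.append("no program to run")
    if job.get("KeepAlive") is not True:
        problems.append("KeepAlive not set; app can be quit")
    return problems
```

Running `audit_agent("/Library/LaunchAgents/org.pmbuko.ADPassMon.plist")` on a test Mac before packaging should return an empty list.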

billystanton
New Contributor II

Thank you!

Apologies if it's a simple question!

Will give this a go tomorrow and report back!

billystanton
New Contributor II

What would I call the Plist file??

bentoms
Release Candidate Programs Tester

@billystanton This should lock the preferences.

FWIW, I'm going to be re-writing ADPassMon in Python at some point. I also plan it to have an admin app to help set the prefs & package it.

Just need time, a lot of it.

billystanton
New Contributor II

Thank you!

I will play around with this tomorrow.

Thanks again

Bill

itupshot
Contributor II

@bentoms In the "Deployment" section of the wiki, it says:

I tried this on my test system and I got the following:

When I logged in as an AD user it launched and asked for an admin name and password. Will I have to enter these on deployments?

bentoms
Release Candidate Programs Tester

@itupshot Safari adds the quarantine flag. I guess other browsers may not.

The admin prompt, that's odd. Did it ask for assistive devices or something?

itupshot
Contributor II

@bentoms When I logged in as another network (AD) user, and tried to use the "Change Password..." it asked:


Then it took me to the Security and Privacy prefpane where I had to enter the local admin password to allow it. Is this normal? Is it because I selected to change password using Native OS instead of ADPassMon?


bentoms
Release Candidate Programs Tester

@itupshot ah. Yep. That will be as you've used Native OS & not ADPassMon change method.

itupshot
Contributor II

@bentoms OK, so then I should make the default "Use ADPassMon" so all my AD users don't get this prompt if they want to change their password from the menu (they don't have admin privileges). Correct?

bentoms
Release Candidate Programs Tester

@itupshot yep.

I wasn't happy with the users & groups thing. So I added the ADPassMon method to my fork.

itupshot
Contributor II

@bentoms Should I be worried about that com.apple.quarantine error? Is it a file I should find somewhere on the system?

The reason you see an "admin$" prompt is because I always install new software, and run the Casper Suite tools for packaging them up using the local admin account.

Will the app eliminate the "Local Items" keychain prompts? The documentation mentions working with the "Login" keychain, but nothing about the "Local Items" keychain.

Is there a way to hide these options from the menu?

AdamH
New Contributor II

This seems like a cool app that may be just what we need.... but in the download ADPassMon-master.zip, I can't seem to find the actual app.
I'm probably looking in the wrong place....

Josh_Smith
Contributor III

@AdamH Sounds like you downloaded the repository (source code) instead of the release (finished product): https://github.com/macmule/ADPassMon/releases/latest

Under downloads on that page you want ADPassMon.app.zip

AdamH
New Contributor II

Got it!