Anyone using Password policies via config profiles for OSX?

chriscollins
Valued Contributor

Playing around with the passcode policies using config profiles for our OS X machines that don't use AD in certain circumstances but we still want to enforce some password restrictions like AD.

In testing no matter what settings I set in the config profile it always says the password does not meet the administrators rules. At one point I had pretty much every restriction disabled and it still is giving the same error. Anybody have success with this?

5 REPLIES 5

davidacland
Honored Contributor II
Honored Contributor II

What plists / keys are you setting in the profile?

I've used pwpolicy in the past for this purpose which has worked for my needs. They just don't apply to admin accounts which is a little annoying.

gachowski
Valued Contributor II

Chris,

I had it working in X.9.2 and later and early beta X.10 builds but stopped testing when we decided to stay with AD.(It didn't work in X.9.1 and earlier).

I think config profiles is the for managing the password policies is way to go and that most of us will be using profiles to do this in the future. I know a few big companies are managing local passwords with homegrown tools already, instead of AD. It's my understanding that they were sick of AD issues and gave up on the built in plug-in.

If I remember correctly I was building the config profiles on Mac OS X server and them uploading them into Casper. I also just tested local too. : )

Hope this helps.
C

chriscollins
Valued Contributor

Thanks both for your responses

@davidacland in the JSS https://dl.dropboxusercontent.com/u/519077/p1.png
On the client: https://dl.dropboxusercontent.com/u/519077/p2.png

So if I wanted to change a password to Jamfnation2015! it should work, no?

gachowski
Valued Contributor II

So that looks right :) however I would guess that the allow simple might be causing the issue. (allow simple might be Apple English for require simple) In my testing that was on one of the pre X.9.2 issue that was not working at all. Also this doc says that it's the default...

https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

I think you need to look at the .xml of the profile and check against the above doc.

C

chriscollins
Valued Contributor

I have been doing all my testing on Yosemite. Looks like it works fine under Mavericks.