Posted on 02-19-2015 09:12 AM
Playing around with the passcode policies using config profiles for our OS X machines that don't use AD in certain circumstances but we still want to enforce some password restrictions like AD.
In testing no matter what settings I set in the config profile it always says the password does not meet the administrators rules. At one point I had pretty much every restriction disabled and it still is giving the same error. Anybody have success with this?
Posted on 02-19-2015 09:41 AM
What plists / keys are you setting in the profile?
I've used pwpolicy in the past for this purpose which has worked for my needs. They just don't apply to admin accounts which is a little annoying.
Posted on 02-19-2015 09:50 AM
Chris,
I had it working in X.9.2 and later and early beta X.10 builds but stopped testing when we decided to stay with AD.(It didn't work in X.9.1 and earlier).
I think config profiles is the for managing the password policies is way to go and that most of us will be using profiles to do this in the future. I know a few big companies are managing local passwords with homegrown tools already, instead of AD. It's my understanding that they were sick of AD issues and gave up on the built in plug-in.
If I remember correctly I was building the config profiles on Mac OS X server and them uploading them into Casper. I also just tested local too. : )
Hope this helps.
C
Posted on 02-19-2015 11:35 AM
Thanks both for your responses
@davidacland in the JSS https://dl.dropboxusercontent.com/u/519077/p1.png
On the client: https://dl.dropboxusercontent.com/u/519077/p2.png
So if I wanted to change a password to Jamfnation2015! it should work, no?
Posted on 02-19-2015 11:52 AM
So that looks right :) however I would guess that the allow simple might be causing the issue. (allow simple might be Apple English for require simple) In my testing that was on one of the pre X.9.2 issue that was not working at all. Also this doc says that it's the default...
https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
I think you need to look at the .xml of the profile and check against the above doc.
C
Posted on 02-19-2015 08:12 PM
I have been doing all my testing on Yosemite. Looks like it works fine under Mavericks.