Posted on 04-08-2014 06:12 AM
I've configured ADPassmon2, and dumped the config in a Composer package and did the FEU/FUT checks, but when a user logs in they don't see the app.
Posted on 04-08-2014 06:57 AM
I struggled with this app too and at one point it was locking me out of AD. I'd be interested to see what people do here.
Posted on 04-08-2014 07:17 AM
I just put it in Self Service. If a user comes up and is having issues with password expiration, I have them open up Self Service, install it, and run it while they're working with me. Not the most efficient way to get people using it, but I've found it works better than a ghost install.
Posted on 04-08-2014 10:20 AM
Hi all,
I guess you mean my forked app from macmule.com?
Personally, I deploy the app.. Use MCX for the prefs & launch the app via a Launch Agent.
Is that something you can try?
Posted on 04-08-2014 10:43 AM
@bentoms you mean your "awesome forked app from macmule.com"
Posted on 04-08-2014 10:48 AM
Ha.. Err.. 90% is someone else's.
Anyways, I hope the launchAgent option makes sense?
Posted on 04-08-2014 10:49 AM
I run this as well after updating ADPassMon.
#!/bin/bash
# Created by Jason Bush 3/6/2014
#
# Enabling Accessibility for ADPassMon in Mavericks
#
# http://work.chrisdietrich.de/enabling-accessibility-for-adpassmon-in-mavericks/
os=$(sw_vers -productVersion | awk -F. '{print $2}')
echo $os
if [[ ${os} -ge 9 ]]; then
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "delete from access where client='org.pmbuko.ADPassMon';"
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','org.pmbuko.ADPassMon',0,1,1,NULL);"
else
echo "You are not running Mavericks"
fi
LaunchAgent I use...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>Label</key>
<string>com.company.adpassmon</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/ADPassMon.app/Contents/MacOS/ADPassMon</string>
</array>
</dict>
</plist>
Posted on 04-08-2014 10:50 AM
@jwojda, if you use behaviour 2.. Then no-need for accessibility settings. It's all done in app.
Posted on 04-08-2014 11:21 AM
I guess I don't have any experience using launchagents unfortunately.
I'll work with jhbush's and see if I can get that rollin.
THank you :)
Posted on 04-08-2014 11:52 AM
for deployment to a new box, would I need to modify the user template? When I sign in with a new user on a box, it doesn't have the config file, causing it to open as new. I tend to shy away from MCX due to the phasing out from Apple. My preference is to use the preference file if possible..
Posted on 04-08-2014 12:02 PM
MCX isn't dead, Config profiles are just MCX wrapped up differently.
But a plist would work. & if using that you'd need to deploy via FEU/FUT's. But you'd also need to strip out some of it. Such as any date found etc.
Posted on 04-08-2014 12:09 PM
2nd what @bentoms has said about MCX.
The MCX compositor is an essential part of the OS! Both config profiles and MCX utilise and require it. Where people are going wrong is that MCX via OD is going away. Local MCX will remain, thus Casper support will remain for the foreseeable future.
Hence why i'm going to beat the drum for my feature request :)https://jamfnation.jamfsoftware.com/featureRequest.html?id=1642
Posted on 04-08-2014 12:21 PM
never mind..
Posted on 04-08-2014 12:28 PM
Managed Preferences ;) It's there on our 9.3 test environment.
Posted on 04-08-2014 12:47 PM
just as you posted that I found it.. :)
okay, so MCX... is how does that work for configuring something like this? I guess it would prevent me from having to worry about app updates - so I could just deploy the app w/o worrying about the preferences.
At this point, my goal is to get this tested and bundled up for deployment so I can do a pilot with a few users and let tech's use it to see if it actually resolves some of the frustrations or only creates new ones.
Posted on 04-08-2014 01:42 PM
@bentoms Are you planning an MCX setting to control the manual expiry in days setting? This would be invaluable for where I am as we've discussed elsewhere.
Posted on 04-08-2014 01:45 PM
@franton, it's already there. Look at the manual mode: http://yourmacguy.wordpress.com/adpassmon/
I think 140 characters lost translation somehow!
Posted on 04-08-2014 03:57 PM
@bentoms D'oh! My bad.
(See my auto desk post for why I've been distracted lately)
Posted on 04-09-2014 11:15 AM
I'm trying the MCX route just for giggles. However, i setup the MCX, btu when I launch the app now nothing happens. I noticed in the plist some of the options were not strings... just true...
how do you setup those in an mcx?
Posted on 12-03-2014 07:36 AM
I need to implement this, constant Login keychain calls... Kinda missed the boat on this.
Posted on 03-03-2015 07:08 AM
I have not been able to get the right preferences packaged where it saves these settings - and it re-checks expiration at launch without a ?. I am capturing it with Composer and using FUT & FET.
Any ideas?
<key>enableKeychainLockCheck</key>
<true/>
<key>enableNotifications</key>
<true/>
<key>isBehaviour2Enabled</key>
<integer>1</integer>
<key>selectedBehaviour</key>
<integer>2</integer>
Posted on 03-03-2015 07:29 AM
@bentoms oh wise one please spread your wealth of knowledge ^^^^
Posted on 03-03-2015 11:56 AM
So I was able to get the right plist packaged and deployed show it shows their expiration date. The only issue now is the preferences window of ADPassMon shows up on the next reboot the first time the app runs but only the first time. Not after that.
Posted on 03-03-2015 01:08 PM
@bwiessne, I think it's the prefsLocked key that wil hide the window.
Posted on 03-03-2015 02:27 PM
Thanks @bentoms
If anyone is wondering this is an awesome feature to enable.
"Lockable Preferences
If you’re an administrator and wish to deploy this utility to your Macs, you can disable access to the Preferences window by adding a prefsLocked key and setting its value to true in the org.pmbuko.ADPassMon.plist. You can do this via MCX, or manually by entering this command in the terminal:
defaults write org.pmbuko.ADPassMon prefsLocked true"