Jamf Nation Community

I just put it in Self Service. If a user comes up and is having issues with password expiration, I have them open up Self Service, install it, and run it while they're working with me. Not the most efficient way to get people using it, but I've found it works better than a ghost install.

Hi all,

I guess you mean my forked app from macmule.com?

Personally, I deploy the app.. Use MCX for the prefs & launch the app via a Launch Agent.

Is that something you can try?

@bentoms you mean your "awesome forked app from macmule.com"

Ha.. Err.. 90% is someone else's.

Anyways, I hope the launchAgent option makes sense?

I run this as well after updating ADPassMon.

#!/bin/bash

# Created by Jason Bush 3/6/2014
#
# Enabling Accessibility for ADPassMon in Mavericks
#
# http://work.chrisdietrich.de/enabling-accessibility-for-adpassmon-in-mavericks/

os=$(sw_vers -productVersion | awk -F. '{print $2}')

    echo $os

if [[ ${os} -ge 9 ]]; then

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "delete from access where client='org.pmbuko.ADPassMon';"

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','org.pmbuko.ADPassMon',0,1,1,NULL);"

    else

echo "You are not running Mavericks"

fi

LaunchAgent I use...

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>KeepAlive</key>
        <dict>
                <key>SuccessfulExit</key>
                <false/>
        </dict>
        <key>Label</key>
        <string>com.company.adpassmon</string>
        <key>ProgramArguments</key>
        <array>
                <string>/Applications/ADPassMon.app/Contents/MacOS/ADPassMon</string>
        </array>
</dict>
</plist>

@jwojda, if you use behaviour 2.. Then no-need for accessibility settings. It's all done in app.

I guess I don't have any experience using launchagents unfortunately.
I'll work with jhbush's and see if I can get that rollin. THank you :)

for deployment to a new box, would I need to modify the user template? When I sign in with a new user on a box, it doesn't have the config file, causing it to open as new. I tend to shy away from MCX due to the phasing out from Apple. My preference is to use the preference file if possible..

MCX isn't dead, Config profiles are just MCX wrapped up differently.

But a plist would work. & if using that you'd need to deploy via FEU/FUT's. But you'd also need to strip out some of it. Such as any date found etc.

2nd what @bentoms has said about MCX.

The MCX compositor is an essential part of the OS! Both config profiles and MCX utilise and require it. Where people are going wrong is that MCX via OD is going away. Local MCX will remain, thus Casper support will remain for the foreseeable future.

Hence why i'm going to beat the drum for my feature request :)https://jamfnation.jamfsoftware.com/featureRequest.html?id=1642

never mind..

Managed Preferences ;) It's there on our 9.3 test environment.

just as you posted that I found it.. :)

okay, so MCX... is how does that work for configuring something like this? I guess it would prevent me from having to worry about app updates - so I could just deploy the app w/o worrying about the preferences.

At this point, my goal is to get this tested and bundled up for deployment so I can do a pilot with a few users and let tech's use it to see if it actually resolves some of the frustrations or only creates new ones.

@bentoms Are you planning an MCX setting to control the manual expiry in days setting? This would be invaluable for where I am as we've discussed elsewhere.

@franton, it's already there. Look at the manual mode: http://yourmacguy.wordpress.com/adpassmon/

I think 140 characters lost translation somehow!

@bentoms D'oh! My bad.

(See my auto desk post for why I've been distracted lately)

I'm trying the MCX route just for giggles. However, i setup the MCX, btu when I launch the app now nothing happens. I noticed in the plist some of the options were not strings... just true...
how do you setup those in an mcx?

I need to implement this, constant Login keychain calls... Kinda missed the boat on this.

I have not been able to get the right preferences packaged where it saves these settings - and it re-checks expiration at launch without a ?. I am capturing it with Composer and using FUT & FET.

Any ideas?

<key>enableKeychainLockCheck</key>
<true/>
<key>enableNotifications</key>
<true/>
<key>isBehaviour2Enabled</key>
<integer>1</integer>
<key>selectedBehaviour</key>
<integer>2</integer>

@bentoms oh wise one please spread your wealth of knowledge ^^^^

So I was able to get the right plist packaged and deployed show it shows their expiration date. The only issue now is the preferences window of ADPassMon shows up on the next reboot the first time the app runs but only the first time. Not after that.

@bwiessne, I think it's the prefsLocked key that wil hide the window.

Thanks @bentoms

If anyone is wondering this is an awesome feature to enable.

"Lockable Preferences

If you’re an administrator and wish to deploy this utility to your Macs, you can disable access to the Preferences window by adding a prefsLocked key and setting its value to true in the org.pmbuko.ADPassMon.plist. You can do this via MCX, or manually by entering this command in the terminal:

defaults write org.pmbuko.ADPassMon prefsLocked true"