Cannot change Local Admin Password

k84
New Contributor III

Hi Folks

Has anyone had this issue when changing our local admin password via Jamf in the Local Accounts payload and choose 'Reset' I get an error stating 'Error resetting the password for user'

I am using Jamf Pro 10.27
Tested on macOS High Sierra & Mojave, just keeps failing.

Has anyone else had this issue or have some sort of fix

11 REPLIES 11

alexjdale
Valued Contributor III

The only reason I can think of is if that account has a secure token and is the only account on the Mac that does. Some versions of the OS will protect the sole secure token holder from losing it, meaning you can't force-reset the password, only change it in a manner which retains the secure token (a method which requires the current password). Similarly, you wouldn't be able to delete that account.

matthias_bretz
New Contributor III

If you are familiar with scripting and are fine with handling the passwords in clear text in a script (wouldn’t recommend this) you could use "passwd" on the command line.

sirsir
Contributor

This script works for us when we needed to change local admin password (secure token holder.)

sysadminctl -adminUser ADMINACCOUNTNAME -adminPassword CURRENTPASSWORD -resetPasswordFor ADMINACCOUNTNAME -newPassword NEWPASSWORD

matthias_bretz
New Contributor III

I just stumbled over this KB from Apple: https://support.apple.com/en-ie/HT208171
A bit outdated but provides three scriptable ways.

tanderson
Contributor

I've gotten the error using reset password in a policy but we use a script like @SirSir mentioned and it works for us.

tdilossi
Contributor

@sirsir Is this used via a jamf policy or are you doing this manually on each machine affected?

sirsir
Contributor

@tdilossi With a policy that executes the command.

brianmcbride99
Contributor

I am looking for a similar solution. We have a local "admin" account on all of our machines. An analyst from our ServiceDesk gave out this password last week to assist with a login issue for an end user. We now need to reset this local account password on all machines. Utilizing the Local Accounts payload in policy results in the same error the original poster is seeing.

Is the only option to run the sysadminctl cmd and expose the old and new password in cleartext in some type of log?(or is that not a concern)?

user-OkllnfNtyo
New Contributor

Right click Computer select Manage
On computer management window under System Tools go to Local Users and Groups and select Users
Right click on “Your User Name” and select properties
Clear (Uncheck) "User cannot change password">>Click apply ad Ok>>Exit Computer Management.

jlaslo
New Contributor II

I'm also having this issue. On enrollment, we set up a Local admin account with an initial password. Then when we move it to classroom or lab groups we want to change the password.  Then we get the same error 'Error resetting the password for user'. The weird thing is this policy worked fine up until this week.

gachowski
Valued Contributor II

I have see this happen in the GUI with a manual change. Big Sur M1 machines