Change local password on first log in

New Contributor III


We have about 700 macs at our school. We have a local admin account and a local student account (mobile account created via the AD binding). We have been requested to add a parent Admin account so parent can make slight changes to parental control settings.

I can see that I can deploy a local admin account via policies. But I would like for a parent to reset the password when they first log in. My plan would be to email the parents the password I set and tell them that they will need to create a new password when they sign in. But I don't want them to go through system preferences.

Any ideas??



Valued Contributor

Hi @iamgriffin

If you are comfortable with the command line, you could put together a policy using 'pwpolicy' command. I have been using the following for staff Macbook Pros since December as part of a setup/first boot script .You are forcing a password expire and the user has to change it at next login

pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1"

New Contributor III

@LSinNY Thanks, I'll test it out. But that sounds like exactly what I needed.

New Contributor II


Newbie here, please excuse my lack of scripting knowledge.

I too have the same need and when I ran the script from terminal I got the error below:

Password for authenticator administer:
Warning: unable to authenticate as <adminuser>
Error: root privileges or authenticator required

I tried it with sudo in front and without. 002764fe6387468780e2902d0a5eee5e

Contributor II

try replacing admin user with your admin account. something like this;
pwpolicy -a jhfc-adm -u usertoforcechange -setpolicy "newPasswordRequired=1"

I'm assuming that jhfc-adm is your admin account