Jamf Nation Community

tjgriffin · ‎02-18-2017

Hi,

We have about 700 macs at our school. We have a local admin account and a local student account (mobile account created via the AD binding). We have been requested to add a parent Admin account so parent can make slight changes to parental control settings.

I can see that I can deploy a local admin account via policies. But I would like for a parent to reset the password when they first log in. My plan would be to email the parents the password I set and tell them that they will need to create a new password when they sign in. But I don't want them to go through system preferences.

Any ideas??

Thanks,

Nix4Life · ‎02-19-2017

Hi @iamgriffin

If you are comfortable with the command line, you could put together a policy using 'pwpolicy' command. I have been using the following for staff Macbook Pros since December as part of a setup/first boot script .You are forcing a password expire and the user has to change it at next login

pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1"

tjgriffin · ‎02-19-2017

@LSinNY Thanks, I'll test it out. But that sounds like exactly what I needed.

jec1 · ‎11-13-2017

Hi,

Newbie here, please excuse my lack of scripting knowledge.

I too have the same need and when I ran the script from terminal I got the error below:

Password for authenticator administer:
Warning: unable to authenticate as <adminuser>
Error: root privileges or authenticator required

I tried it with sudo in front and without.

burdett · ‎11-14-2017

try replacing admin user with your admin account. something like this;
pwpolicy -a jhfc-adm -u usertoforcechange -setpolicy "newPasswordRequired=1"

I'm assuming that jhfc-adm is your admin account

Jamf Nation Community

Change local password on first log in