Change Password tools Broke in 10.14.0

New Contributor II

Changing any local account passwords with Jamf tools (jamf resetPassword command and Reset Password in Jamf remote) no longer work in 10.14.0. They work fine in previous OS versions. Other methods of changing passwords via scripts delivered by Jamf no no longer work either. I saw another post about Managed Accounts passwords could not be changed,, but it seems to affect all accounts. Using other methods outside of secure token (sysadminctl) seem to fail as well when delivered by scripts in Jamf.


New Contributor

Has this been confirmed in 10.14.3 to still be an issue?

Valued Contributor

Using sysadminctl works great in a policy, but you do need to test for your environment to see what works best.

Here’s an example that uses a LAPS password value to reset, but in general you could use this generic reset script

Contributor II


The sysadminctl command doesn't output proper return codes. So even if the command fails with the standard "Operation is not permitted without secure token unlock.", the exit code is still 0 and always is 0 which is bad. (At least in 10.13)