Jamf Nation Community

HNTIT · ‎04-09-2018

We have a local admin account on all our MAC's that is required to be different on a Site By Site basis, and needs to be changed every 3-6 months.

On Sierra this was not an issue, we used dscl passwd and when our policy ran, it updated the FV2 password as well.

On High Sierra this just wont work, so we are trying the same with sysadminctl, which works...... sort of.

The password changes perfectly, but the FV2 password does not update until the account logs into the MAC, and then it updates, this is no good for us, it needs to update at the same time.

Any ideas ??

MacSysAdmin · ‎04-09-2018

Sounds like another Apple bug with FV2 and High Sierra. You should call Apple and open a case.

easyedc · ‎04-09-2018

Wont that have to come through

sysadminctl

From the man page:

$ sysadminctl -resetPasswordFor <local user name> -newPassword <new password> [-passwordHint <password hint>]

HNTIT · ‎04-10-2018

That's what I am doing, but it runs as a Policy, and the user in question is not used often, but it is used to enable filevault on new user accounts.

The issue is odd, the change takes effect immediately on the user account, but it's not until you log the user in that the FV2 password updates.

So far, this issue, like a lot of the issues I have found, only effect FV2 on High Sierra IF the machine is using APFS, older machines that upgrade to High Sierra and therefore keep NFS or some other file systems seem to miss a lot of the problems.

Didn't they learn with AFS that Apple cant do filesystems properly, mind you it took them years to finally dump that pile of rubbish, god knows why they are trying again.

HNTIT · ‎04-17-2018

Anyone have any ideas on this ?

Latest test, the password changes OK, but I have to reboot, unlock with the old password, then log in with the new password before the FV2 password sync's.

Anyone ??

Jamf Nation Community

Changing Passwords on High Sierra does not Update FV2