For the keychain its a bit wonky

#!/bin/sh

sudo security set-keychain-password -o oldpassword -p newpassword /users/test/Library/Keychains/login.keychain

I use reference books when programming. I would buy this as it can help out

[https://www.amazon.com/Bash-Pocket-Reference-Power-Admins/dp/1491941596/ref=pd_bxgy_14_img_3?_encoding=UTF8&pd_rd_i=1491941596&pd_rd_r=PAXGK2FQESB2H0AKEH03&pd_rd_w=BSNgN&pd_rd_wg=XNJBS&psc=1&refRID=PAXGK2FQESB2H0AKEH03](link URL)

Sorry for the delay to reply. I created a policy, the way Nong did and everything went well. Thanks Nong. Thanks Glover

Hi Christopher i tried out your shell script manually and it works on the bassis that you enter the old password. how can this be deployed across many machines via jamf

I've got the same question as @Giannini is there a way to use this via JAMF? Works great when run manually but it fails when run via JAMF trying to enter the old password

Putting the admin password in a script does not sound like a good idea.

I am able to get the policy to work for High Sierra OS but not for Big Sur OS. Does anyone know if there is a difference with Big Sur?

@IreneGarcia - you may want to check out the post Posted: 12/6/2018 at 9:46 AM CST by LovelessinSEA in https://www.jamf.com/jamf-nation/discussions/30317/resetting-local-account-password-via-policy-is-sporadically-failing

For the reason mentioned in that post we can't use the policy to change our account password. I'm using an adaptation of ChristopherGlover's script, but had to add in a bit for the old password to get it to work. Also I strongly suggest encrypting any passwords in scripts with a salted passphrase So it ends up something like

#!/bin/bash
#set Parameter 4 as the username
#set Parameter 5 as your old password encrypted string
#set Parameter 6 as your new password encrypted string
oldpwsalt="<value of salt>"
newpwsalt="<value of salt>"
oldpassphrase="<value of passphrase>"
newpassphrase="<value of passphrase>"
/usr/bin/dscl . passwd /Users/$4 "$(echo "${5}" | /usr/bin/openssl enc -aes256 -d -a -A -S "$oldpwsalt" -k "$oldpassphrase")" "$(echo "${6}" | /usr/bin/openssl enc -aes256 -d -a -A -S "$newpwsalt" -k "$newpassphrase")"
status=$?
if [ $status == 0 ]; then
     echo "Password was changed successfully."
elif [ $status != 0 ]; then
     echo "An error was encountered while attempting to change the password. /usr/bin/dscl exited $status."
fi
exit $status

To get all those values for the script above you have to run something like below where "password" old password and then run it again with the new password.

PASSWORD='password'
SALT=$(openssl rand -hex 8)
K=$(openssl rand -hex 12)
ENCRYPTED=$(echo "${PASSWORD}" | openssl enc -aes256 -a -A -S "${SALT}" -k "${K}")
echo "Encrypted String: ${ENCRYPTED}"
echo "Salt: ${SALT} | Passphrase: ${K}"