There are a couple of ways to do this. In jamf $3 refers to current user, or you can get the current user from terminal commands or python.
If the command is being run with sudo
#!/bin/bash
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
pwpolicy -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"If the configuration profile is set, enforcing a certain password complexity, this will obey your profile.
Without sudo you will need an "authenticator", so the password will be stored in plain text which is not ideal. This policy also does not prevent them from making the password the same, so make sure your configuration profile forces a level of complexity you would like them to have. You can also set a password expiration policy with pwpolicy as well. Check the man pages for more info
#!/bin/bash
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
pwpolicy -a adminUser -p adminPassword -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"
