Posted on 06-25-2019 12:33 PM
Hello,
I want to enforce a password policy on existing computers. After creating the configuration profile, how do I go about forcing the user to reset their password to something that satisfies the password profile? This also needs to take into account that there is a hidden localadmin account on the machine, and I do not want that account to be asked to change its password, just the employee's user account.
Any thoughts?
Thanks
Posted on 06-25-2019 01:28 PM
There are a couple of ways to do this. In Jamf, $3 refers to the current user, or you can get the current user from terminal commands or Python.
If the command is being run with sudo
#!/bin/bash
# Look up the console (GUI) user; yields an empty string at the login window.
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
# Require that user to choose a new password.
pwpolicy -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"
If the configuration profile is set, enforcing a certain password complexity, this will obey your profile.
Without sudo you will need an "authenticator", so the password will be stored in plain text, which is not ideal. This policy also does not prevent them from making the password the same, so make sure your configuration profile forces a level of complexity you would like them to have. You can also set a password expiration policy with pwpolicy as well. Check the man pages for more info.
#!/bin/bash
# Look up the console (GUI) user; yields an empty string at the login window.
CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
# adminUser and adminPassword are the authenticator credentials, in plain text.
pwpolicy -a adminUser -p adminPassword -u "$CURRENTUSER" -setpolicy "newPasswordRequired=1"
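A Python-free variant of the first script in the answer above, as an added example that is not part of the original post: it takes the user from Jamf's $3 or from the owner of /dev/console and skips the hidden admin account named in the question. The EXCLUDED_ACCOUNTS list and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the original poster's script.
# EXCLUDED_ACCOUNTS is an assumed list; "localadmin" is the hidden admin
# account named in the question.
EXCLUDED_ACCOUNTS="localadmin root"

# Console user without Python: the owner of /dev/console is the logged-in
# GUI user ("root" while the login window is showing).
console_user() {
    /usr/bin/stat -f%Su /dev/console
}

# Return 0 only for an account that should be forced to change its password.
should_require_reset() {
    local user="$1" excluded
    case "$user" in
        ""|loginwindow|_*|-*) return 1 ;;  # nobody logged in, system account, or option-like
        *[!A-Za-z0-9._-]*)    return 1 ;;  # refuse unexpected characters
    esac
    for excluded in $EXCLUDED_ACCOUNTS; do
        if [ "$user" = "$excluded" ]; then
            return 1
        fi
    done
    return 0
}

main() {
    local user="${3:-}"                    # Jamf passes the current user as $3
    if [ -z "$user" ]; then
        user="$(console_user)"
    fi
    if should_require_reset "$user"; then
        /usr/bin/pwpolicy -u "$user" -setpolicy "newPasswordRequired=1"
    else
        echo "Skipping account: '${user}'" >&2
    fi
}

# Act only as root on a Mac that has pwpolicy; elsewhere just define the functions.
if [ -x /usr/bin/pwpolicy ] && [ "$(id -u)" -eq 0 ]; then
    main "$@"
fi
```

Because the exclusion check runs before pwpolicy, the policy is never applied when the hidden admin account happens to be the one logged in.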
Posted on 09-20-2019 09:46 AM
Is it possible to force a password reset using Jamf now?
Posted on 12-15-2021 05:36 PM
Is there a solution for macOS 12 Monterey, as this script has Python in it?
Posted on 01-25-2022 06:20 PM
All of a sudden, the script works again.
Posted on 09-22-2022 02:11 AM
Does this also update FileVault?