Posted on 11-02-2023 10:51 AM
I have a policy in Self Service that deletes a "Temp" local user account and then recreates it. We use this for lending out laptops to students so that we can delete and re-add the account every time it is returned so that we can re-lend it out with a fresh account. I would like to apply a new policy that forces the "Temp" account user to reset their password once upon first login after the account has been recreated via Self Service. I was planning on using the command:
pwpolicy -u "$LOGGEDINUSER" -setpolicy "newPasswordRequired=1"
If I scope this command in a policy to a smart group that looks for the Temp local account and then runs once per user at login, will this accomplish what I need? The trick is I don't want this command to run when any other accounts log in and only want it to run once when the Temp account logs in for the first time after being re-created, and then only again when the account is removed and recreated and logged into for the first time once again. If I use a smart group with the criteria of "local user account has Temp" and then have the policy run once per user at login, will this work the way I want it to? Is there a better way to configure this so that when and only when the Temp account first logs in after being created the user is forced to change the password?
Posted on 11-03-2023 09:54 AM
I got this solved. In case anyone is curious, I added the command below to the end of the policy that creates the Temp account. This worked to force a password change upon first login after the policy is run.
pwpolicy -u Temp -setpolicy "newPasswordRequired=1"
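Added example, not part of the original post and not Jamf or Apple code: one way the end of the account-creation script could apply the flag only when the Temp account exists and then confirm it was set. The function name, the TEMP_USER variable and the assumed `-getpolicy` output format are illustrative assumptions.

```shell
#!/bin/sh
# Constructed example: last step of a hypothetical "recreate Temp" policy script.
# TEMP_USER and require_password_change are illustrative names, not from the post.
TEMP_USER="Temp"

# Flag an existing local account so macOS forces a password change at next login.
# Returns 0 on success, 1 if the account does not exist, 2 if the flag was not set.
require_password_change() {
    user="$1"

    # Only touch the account the policy just created; skip if creation failed.
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "account '$user' not found, nothing to do" >&2
        return 1
    fi

    # Same command as in the post, with the account name supplied by the caller.
    if ! pwpolicy -u "$user" -setpolicy "newPasswordRequired=1"; then
        echo "pwpolicy -setpolicy failed for '$user'" >&2
        return 2
    fi

    # Read the policy back so the policy log records that the flag is set.
    # Assumption: -getpolicy prints the legacy key=value list.
    if ! pwpolicy -u "$user" -getpolicy 2>/dev/null | grep -q "newPasswordRequired=1"; then
        echo "newPasswordRequired not reported for '$user'" >&2
        return 2
    fi
    return 0
}

# pwpolicy exists only on macOS; the exit status becomes the policy result.
if [ "$(uname -s)" = "Darwin" ]; then
    require_password_change "$TEMP_USER"
fi
```

Because the account name is fixed in the creation policy rather than taken from the logged-in user, no other account can receive the flag.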