Forcing Password Update for Local User Upon Login

gingadmin
New Contributor II

I have a policy in Self Service that deletes a "Temp" local user account and then recreates it. We use this for lending out laptops to students so that we can delete and re-add the account every time it is returned so that we can re-lend it out with a fresh account. I would like to apply a new policy that forces the "Temp" account user to reset their password once upon first login after the account has been recreated via Self Service. I was planning on using the command: pwpolicy -u "$LOGGEDINUSER" -setpolicy "newPasswordRequired=1"

If I scope this command in a policy to a smart group that looks for the Temp local account and then runs once per user at login, will this accomplish what I need? The trick is I don't want this command to run when any other accounts log in and only want it to run once when the Temp account logs in for the first time after being re-created, and then only again when the account is removed and recreated and logged into for the first time once again. If I use a smart group with the criteria of "local user account has Temp" and then have the policy run once per user at login, will this work the way I want it to? Is there a better way to configure this so that when and only when the Temp account first logs in after being created the user is forced to change the password?

1 ACCEPTED SOLUTION

gingadmin
New Contributor II

I got this solved. In case anyone is curious, I added the command below to the end of the policy that creates the Temp account. This worked to force a password change upon first login after the policy is run.

pwpolicy -u Temp -setpolicy "newPasswordRequired=1"

 
