Is it possible to update an Administrator password created through PreStage Enrollment

user-pVcDTGvoEV
New Contributor II

Hi All, 

I created a Pre-Stage Enrollment that includes a local administrator account on all of the MacBooks in the Pre-Stage enrollment. I now want to update that admin password on all of the affected devices.

I have updated the password on the Pre-Stage Enrollment but I am not sure that will change the MacBooks that are already setup. 

Is there a process to update that local admin password (silently hopefully) that I am overlooking?

1 ACCEPTED SOLUTION

YanW
Contributor III

maybe this

dscl . -passwd /Users/yourlocaladmin oldpassword newpassword

View solution in original post

14 REPLIES 14

YanW
Contributor III

maybe this

dscl . -passwd /Users/yourlocaladmin oldpassword newpassword

Thanks for the reply

Is this something I can run remotely through JAMF for the devices for where I can push it down? 

Maybe "Files and Processes" in a new policy, put that command in "Execute Command". 

Thanks for this update. I have listed that command in a policy as you specified and forced it to update at check-in & at user login to make sure its going to be pushed down. 

 

 

Gabriel1
New Contributor

When I try this, I get:

DS error: eDSAuthPasswordQualityCheckFailed

<dscl_cmd> DS Error: -14165 (eDSAuthPasswordQualityCheckFailed)

Any ideas?

YanW
Contributor III

Do you have any passcode requirement set in Configuration Profile? If no, then I don't know. You can try changing password using "Local Accounts" or "Management Accounts" payloads in policies.

respinoza
New Contributor

quick question, my admin's password has spaces in between how can I keep it all together so the command looks at it like one "word"?

Tribruin
Valued Contributor II

If you don't need or care about a Keychain or FileVault for the administrator you could use a policy with the local account option and do a Reset Password. 

 

But, if you know the password, I would script the password change as @YanW mentioned above. 

mmcallister
Contributor II

If it is also the management account, there is a payload for this in Computer Policies.

Tildo
New Contributor III

Am I correct in say, if you use the management account payload in Computer policies this will not change the filevault2 password?

mmcallister
Contributor II

@Tildo In my testing, using this payload changed the password for both login and for Filevault2.

Tildo
New Contributor III

I will give it a test. Thanks

Tildo
New Contributor III

So I just wanted to update on this. We have the managed account, which gets added during the prestage. We also have a local admin account which the desktop support team use to login when a user has issues. What I want to do is reset the local administrator account to a more secure password. I am guessing this would need to be done via the script using the 'Files and Processes' payload? 

mmcallister
Contributor II

@Tildo Yes, that's correct.