I'm looking for a way to setup an Extension Attribute to let us know when a local user account is locked out of their MacBook.
I'm not seeing or know of a way to track in JAMF. The devices are not bound to AD. Currently in JAMF when I check the local user account and click on managed for that account, I only see the option to unlock it, but it doesn't say if the account is locked or not.
Yeah, sorry, I didn't look closely enough at that to see that it was related to AD accounts.
So, do you have a local password policy applied to accounts? I assume yes, if the account can get locked from too many bad password attempts.
If so, you can try using the pwpolicy command. Something like pwpolicy -getaccountpolicies <account> or pwpolicy -authentication-allowed <account> might be able to give you what you're looking for.