JAMF Extension Attribute - Local Account Status

  • July 24, 2023

  • New Contributor
  • 2 replies

Hi,

I'm looking for a way to set up an Extension Attribute to let us know when a local user account is locked out of their MacBook.

I'm not seeing, and don't know of, a way to track this in JAMF. The devices are not bound to AD. Currently in JAMF when I check the local user account and click on managed for that account, I only see the option to unlock it, but it doesn't say if the account is locked or not.

4 replies

mm2270
  • Legendary Contributor
  • 7886 replies
  • July 24, 2023

This may help.

https://community.jamf.com/t5/jamf-pro/detecting-status-of-local-account-is-it-locked/m-p/193629

I can't test it ATM since I don't have a locked account on any device near me.


  • Author
  • New Contributor
  • 2 replies
  • July 24, 2023

Hey @mm2270,

Thanks for the reply. In this scenario, our devices aren't bound to the domain, so I don't think we'd be able to utilize that lockoutTime line.


mm2270
  • Legendary Contributor
  • 7886 replies
  • July 24, 2023

Yeah, sorry, I didn't look closely enough at that to see that it was related to AD accounts.

So, do you have a local password policy applied to accounts? I assume yes, if the account can get locked from too many bad password attempts.

If so, you can try using the pwpolicy command. Something like pwpolicy -getaccountpolicies <account> or pwpolicy -authentication-allowed <account> might be able to give you what you're looking for.
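An added example, not part of the original post and not Jamf's own code: an Extension Attribute script built on the `pwpolicy -authentication-allowed` suggestion above, reporting every local account the password policy currently refuses. The function names and the output phrases it matches are assumptions; check the phrases against a test Mac with a locked account before deploying.

```shell
#!/bin/sh
# Jamf Pro Extension Attribute: list local accounts that the local password
# policy currently refuses to authenticate (for example after too many bad
# password attempts). Any failing authentication policy is reported, not
# only a failed-attempt lockout.

# Map the text printed by `pwpolicy -u <user> -authentication-allowed` to a
# status word. The matched phrases are an assumption about pwpolicy's
# wording; confirm them on a test Mac.
classify_auth_status() {
    case "$1" in
        *"is not allowed to authenticate"*) echo "Blocked" ;;
        *"is allowed to authenticate"*)     echo "Allowed" ;;
        *)                                  echo "Unknown" ;;
    esac
}

# Read "user<TAB>status" lines on stdin and print the EA value Jamf parses.
format_ea_result() {
    blocked=$(awk -F '\t' '$2 == "Blocked" { printf "%s%s", sep, $1; sep = ", " }')
    printf '<result>%s</result>\n' "${blocked:-None}"
}

# Local accounts with UID >= 501, i.e. regular (non-system) users.
list_local_users() {
    dscl . -list /Users UniqueID | awk '$2 >= 501 { print $1 }'
}

# Query pwpolicy once per account and emit "user<TAB>status".
collect_statuses() {
    for user in $(list_local_users); do
        out=$(pwpolicy -u "$user" -authentication-allowed 2>&1)
        printf '%s\t%s\n' "$user" "$(classify_auth_status "$out")"
    done
}

# Only query the system where the macOS tools exist.
if command -v pwpolicy >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    collect_statuses | format_ea_result
fi
```

A smart group on this attribute with the criterion "is not None" would then collect the affected Macs after their next inventory update.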


pete_c
  • Honored Contributor
  • 258 replies
  • July 25, 2023

Remember that the EA will only show you the status from the last time inventory was collected - which may affect your workflow.  (RIP Jamf Remote, looking forward to your return)