Local Account Passwords older than X Days

daniel_ross
Contributor II

Greetings JAMF Nation!

I've been trying to find a way to check all of our local user accounts that not changed a password in say 90+ days.

I've found a few EA's on here but none that let me specify say greater than or less than in the search but instead just day count and that is it.

Basically trying to get an idea of just how many users we'll be seeing change his or her password come the day we push out our implementation of our local account policy for password changes on non-AD bound computers.

7 REPLIES 7

al_platt
Contributor II

We use this one https://github.com/jamfit/Current-User-Password-Age

Seems to work well.

iJake
Valued Contributor

This will get you the epoch time of the password set date for an account. You can compare this to whatever epoch value you want. For example, 90 days.

timeStamp90dBack=$(date -v-90d -u +"%s")

pwLastChangeEpoch=$(dscl . read /Users/"$USERNAME" accountPolicyData | sed -n '/passwordLastSetTime/{n;s@.*<real>(.*)</real>@1@p;}' | sed s/.[0-9,]*$//g)

if [[ $pwLastChangeEpoch -lt $timeStamp90dBack; then
do something here
fi

daniel_ross
Contributor II

Sorry for not responding to everyone just got back from a large company event and will be trying some of these this evening and will let everyone know what worked!

tstott
New Contributor II

Hi, I;m looking for something similar but want it for all local accounts rather than the one that is logged in. anyone able to assist?

Kmartin
New Contributor III

Does anyone have the script for finding password age, the below link does not seem to work. I am looking for some way to view the password age of a local account on all the machines.

https://github.com/jamfit/Current-User-Password-Age

matthewanderson
New Contributor

I'm also looking for this, but the Github page is 404.

ThierryD
New Contributor III

@matthewanderson I'm looking for it too.