Local Account Passwords older than X Days

Contributor III

Greetings JAMF Nation!

I've been trying to find a way to check all of our local user accounts that not changed a password in say 90+ days.

I've found a few EA's on here but none that let me specify say greater than or less than in the search but instead just day count and that is it.

Basically trying to get an idea of just how many users we'll be seeing change his or her password come the day we push out our implementation of our local account policy for password changes on non-AD bound computers.


Contributor II

We use this one https://github.com/jamfit/Current-User-Password-Age

Seems to work well.

Valued Contributor

This will get you the epoch time of the password set date for an account. You can compare this to whatever epoch value you want. For example, 90 days.

timeStamp90dBack=$(date -v-90d -u +"%s")

pwLastChangeEpoch=$(dscl . read /Users/"$USERNAME" accountPolicyData | sed -n '/passwordLastSetTime/{n;s@.*<real>(.*)</real>@1@p;}' | sed s/.[0-9,]*$//g)

if [[ $pwLastChangeEpoch -lt $timeStamp90dBack; then
do something here

Contributor III

Sorry for not responding to everyone just got back from a large company event and will be trying some of these this evening and will let everyone know what worked!

New Contributor II

Hi, I;m looking for something similar but want it for all local accounts rather than the one that is logged in. anyone able to assist?

New Contributor III

Does anyone have the script for finding password age, the below link does not seem to work. I am looking for some way to view the password age of a local account on all the machines.


New Contributor

I'm also looking for this, but the Github page is 404.

New Contributor III

@matthewanderson I'm looking for it too.