04-22-2022 12:49 PM - edited 04-22-2022 12:50 PM
Hi,
Users on macOS 12 clients are unable to change their passwords. The 'Change Password...' buttons in the following locations are grayed out:
System Prefs > Security & Privacy > General > Change Password
System Prefs > Users & Groups > User > Change Password
The buttons stay gray even when the padlock is unlocked.
This is for local and mobile clients.
My 10.14 clients do not have this problem... is it expected?
Thanks,
David.
Posted on 05-11-2022 08:11 AM
Fixed.
In my testing this problem affects macOS 11 (Big Sur) and 12 (Monterey) clients but does not affect 10.14 (Mojave) clients.
So after a painstaking process (i.e. using a specific client and excluding specific Configuration Policies one-by-one then restarting) I was able to narrow the problem down to a specific Configuration Profile.
I was then able to narrow it down to a specific payload within the Config Profile.
I found that the 'Finder' payload also pushes out 'Login Window Preferences' settings. These settings can be seen in System Preferences > Profiles > MyProfileName as soon as the Finder payload is created and saved.
On deleting the Finder payload from the relevant Config Profile & saving the changes, the Login Window Settings are immediately removed from the Profile on the client. After a restart the 'Change Password...' boxes are no longer greyed out and users can change their passwords.
I have not drilled down further to see if a specific setting in the Finder payload causes this problem. For now I have just deactivated the Finder payload and my users can change passwords once again.
TLDR: A quick fix is to remove any Finder payloads within Configuration Profiles you may be using.
Posted on 04-23-2022 05:32 AM
My guess is you have a Configuration Profile with the “Security and Privacy: General” payload.
That payload has a “Password Change” key. This can prevent users from changing their login password.
That is sometimes deployed along with Kerberos SSO to force users to change their password via the Kerberos Extension.
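An added example, not code from any poster in this thread: a small audit that reads an exported, unsigned .mobileconfig and reports the payloads discussed here, so the profile restricting password changes can be found without excluding profiles one at a time. The mapping of the payload names in the thread to the payload types `com.apple.finder`, `com.apple.loginwindow` and `com.apple.preference.security`, and of the “Password Change” setting to the `dontAllowPasswordResetUI` key, are assumptions made for this example; the sample profile is constructed.

```python
import plistlib

# Assumed payload types for the payloads named in this thread.
SUSPECT_TYPES = {
    "com.apple.finder": "Finder payload",
    "com.apple.loginwindow": "Login Window preferences",
    "com.apple.preference.security": "Security & Privacy: General",
}

# Constructed sample profile (not taken from the thread).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadDisplayName</key><string>MyProfileName</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict><key>PayloadType</key><string>com.apple.finder</string>
          <key>ShowHardDrivesOnDesktop</key><false/></dict>
    <dict><key>PayloadType</key><string>com.apple.preference.security</string>
          <key>dontAllowPasswordResetUI</key><true/></dict>
    <dict><key>PayloadType</key><string>com.apple.wifi.managed</string></dict>
  </array>
</dict></plist>"""


def audit_profile(data: bytes):
    """Return (profile name, findings) for payloads worth reviewing."""
    profile = plistlib.loads(data)
    findings = []
    for index, payload in enumerate(profile.get("PayloadContent", [])):
        ptype = payload.get("PayloadType", "")
        if ptype not in SUSPECT_TYPES:
            continue  # unrelated payload, e.g. Wi-Fi
        note = SUSPECT_TYPES[ptype]
        # Explicit restriction on the password change UI.
        if (ptype == "com.apple.preference.security"
                and payload.get("dontAllowPasswordResetUI") is True):
            note += " (dontAllowPasswordResetUI=true)"
        findings.append((index, ptype, note))
    return profile.get("PayloadDisplayName", "<unnamed>"), findings


if __name__ == "__main__":
    name, findings = audit_profile(SAMPLE_PROFILE)
    for index, ptype, note in findings:
        print(f"{name}: payload #{index} {ptype} -> {note}")
```

A signed profile is wrapped in a CMS envelope and will not parse with `plistlib` until that wrapper is removed.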