Help

Need to update local admin password

kwoodard
Contributor III

Posted on ‎11-02-2021 12:59 PM

Hello all! Management has decided that it is time that we update our password that we use for our admin accounts on our fleet of computers. I currently have things set to have that account created during prestage enrollment. It's easy enough to update the password there for all new computers, but how do I go about updating the computers that are already in the wild? To possibly make this even more difficult, I have multiple different OS's out there (been trying to get people to update their OS when I tell them, but 90% don't read IT emails...)

 

Help!

0 Kudos
5 REPLIES 5

johandahl
New Contributor III

Posted on ‎11-02-2021 03:04 PM

This is one way of doing it but it makes my stomach ache a little bit. To have the passwords in cleartext inside a script

/usr/bin/dscl . -passwd /Users/username newpassword
/usr/bin/security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain

 

kwoodard
Contributor III
In response to johandahl

Posted on ‎11-04-2021 08:12 AM

This will be my fallback if the idea below doesn't work.

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎11-02-2021 10:00 PM

Is this admin account enabled for FileVault as well or is it just a local admin account, no FileVault for it? 
If the situation is the latter, you can use a policy in Jamf Pro to reset an account password. I think it’s under the Accounts payload if I’m not mistaken. It should work. But that accounts keychain will become unusable if you need to log into it on any of those Macs. So the login.keychain would need to be deleted to fix that. 

if the account is in the FileVault enabled users list, well, then things are a bit trickier. You could still update the account password using the policy payload mentioned above but the FileVault password will not get updated that way. Meaning if you have to log into that account at the FV2 login screen, it’s going to want the old password. 

kwoodard
Contributor III
In response to mm2270

Posted on ‎11-04-2021 08:12 AM

It's just a local admin password. I haven't started to use FileVault as of yet, that is my next big hurdle to deal with.

I will look into the Accounts payload to see if there is something there. I have a script that I use for folks that mess up things when they change their account passwords (I am stuck in an AD environment, they won't let me not bind to AD) and I can attach that script to the payload for the password change. I will report back if that works.

0 Kudos

coldconfession1
New Contributor II

Posted on ‎11-04-2021 12:10 PM

Yea I was wondering this as well. I was hoping for a solution like LAPS

0 Kudos