Passcode Compliance - Resetting a password

rdeleon
New Contributor III

Hi everybody,

Hope everyone is having a great Saturday.

Quick question for all.. I have a remote user that keeps entering the correct password (according to her) on her Mac, but it doesn't work and would like to reset it at this point. However, the credentials for the admin account seem to not work either for some reason. Is there a way in Passcode Compliance in JAMF pro to reset the password on a Mac or disable it on her machine so she can enter the last PW?

 

Thanks everyone.

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor III

Password compliance just sets the password requirements, you cannot use password compliance to reset user passwords. In the past you could use CLI (scripts) to reset user passwords. However, Apple has prevented resetting passwords in CLI with Secure Tokens. You need an account with a secure token, to modify the password of an account with a secure token.

 

You can use the FileVault recovery key to trigger a password reset. You can also have the user reset all passwords using terminal in recovery. 

 

If you forgot your Mac login password - Apple Support

View solution in original post

3 REPLIES 3

AJPinto
Honored Contributor III

Password compliance just sets the password requirements, you cannot use password compliance to reset user passwords. In the past you could use CLI (scripts) to reset user passwords. However, Apple has prevented resetting passwords in CLI with Secure Tokens. You need an account with a secure token, to modify the password of an account with a secure token.

 

You can use the FileVault recovery key to trigger a password reset. You can also have the user reset all passwords using terminal in recovery. 

 

If you forgot your Mac login password - Apple Support

rdeleon
New Contributor III

Yeah, the issue is when I went to that user's machine in JAMF pro, the recovery key is missing so we might have to reformat it. I was able to add an exclusion in JAMF Pro that doesn't let the admin account password to be changed.

Password compliance only defines password requirements and cannot be used to reset user passwords; in the past, CLI (scripts) could reset passwords, but Apple has restricted this with Secure Tokens, requiring an account with a secure token to modify another account's password. Alternatively, you can trigger a password reset using the FileVault recovery key or have the user reset passwords via terminal in recovery.