Posted on 07-22-2023 09:07 AM
Hi everybody,
Hope everyone is having a great Saturday.
Quick question for all.. I have a remote user that keeps entering the correct password (according to her) on her Mac, but it doesn't work and would like to reset it at this point. However, the credentials for the admin account seem to not work either for some reason. Is there a way in Passcode Compliance in JAMF pro to reset the password on a Mac or disable it on her machine so she can enter the last PW?
Thanks everyone.
Solved! Go to Solution.
Posted on 07-25-2023 07:12 AM
Password compliance just sets the password requirements, you cannot use password compliance to reset user passwords. In the past you could use CLI (scripts) to reset user passwords. However, Apple has prevented resetting passwords in CLI with Secure Tokens. You need an account with a secure token, to modify the password of an account with a secure token.
You can use the FileVault recovery key to trigger a password reset. You can also have the user reset all passwords using terminal in recovery.
Posted on 07-25-2023 07:12 AM
Password compliance just sets the password requirements, you cannot use password compliance to reset user passwords. In the past you could use CLI (scripts) to reset user passwords. However, Apple has prevented resetting passwords in CLI with Secure Tokens. You need an account with a secure token, to modify the password of an account with a secure token.
You can use the FileVault recovery key to trigger a password reset. You can also have the user reset all passwords using terminal in recovery.
Posted on 07-26-2023 11:54 AM
Yeah, the issue is when I went to that user's machine in JAMF pro, the recovery key is missing so we might have to reformat it. I was able to add an exclusion in JAMF Pro that doesn't let the admin account password to be changed.
Posted on 07-26-2023 10:01 PM
Password compliance only defines password requirements and cannot be used to reset user passwords; in the past, CLI (scripts) could reset passwords, but Apple has restricted this with Secure Tokens, requiring an account with a secure token to modify another account's password. Alternatively, you can trigger a password reset using the FileVault recovery key or have the user reset passwords via terminal in recovery.