Hello all,
We are requiring our org to update the password complexity, and I have a few quick questions.
We have a configuration profile set up to update the password complexity to a higher number of digits needed. Currently our systems have static passwords.
We are doing this in a two-pronged approach:
1. Config profile will be updated from 12 characters to 16 characters
2. Policy will be run on the determined group of people at a determined time.
```bash
# Pulls the current logged-in user
currUser=$(ls -l /dev/console | awk '{print $3}')
# Flags that user's account so a new password is required
pwpolicy -u "$currUser" -setpolicy "newPasswordRequired=1"
```
Since we are planning to roll out this update with groups of people at a time, can we push the config profile (step 1 above) to ALL users without it prompting them to update their password until we run the policy/remote command (step 2 above) to flag the account for a password reset? Or does the config profile have to be scoped to each group at a time (depending on when we determine it's their turn)?
- Asking this specific question since all passwords are currently static and do not expire
Additionally, is there a way to determine when the password on a machine was last changed, and add that as an exclusion to the policy that runs to flag the account for a password reset?
- Can this also be done as an EA?
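
An added example, not part of the original post: an extension attribute script that reports when the console user's password was last changed, plus a helper the step 2 script could use to skip accounts whose password is already newer than a cutoff. It assumes the local account's accountPolicyData record (read with dscl) contains a passwordLastSetTime key in epoch seconds; the function names and the sample plist are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post).
# Assumption: accountPolicyData holds <key>passwordLastSetTime</key> followed
# by a <real> (or <integer>) epoch value on the next line.

# Read plist XML on stdin, print the whole-second epoch of the last password
# change, or nothing when the key is absent.
last_set_epoch() {
    awk '
        /<key>passwordLastSetTime<\/key>/ { want = 1; next }
        want && /<(real|integer)>/ {
            gsub(/.*<(real|integer)>|<\/(real|integer)>.*/, "")
            sub(/\..*/, "")          # drop fractional seconds
            print
            exit
        }
    '
}

# needs_reset <last_set_epoch> <cutoff_epoch>
# Succeeds when the password predates the cutoff or no change time is recorded.
# In the step 2 script: needs_reset "$epoch" "$cutoff" && pwpolicy ...
needs_reset() {
    [ -z "$1" ] || [ "$1" -lt "$2" ]
}

if command -v dscl >/dev/null 2>&1; then
    # On a Mac: report the console user's value in extension attribute form.
    currUser=$(ls -l /dev/console | awk '{print $3}')
    epoch=$(dscl . -read "/Users/$currUser" accountPolicyData 2>/dev/null | last_set_epoch)
    if [ -n "$epoch" ]; then
        echo "<result>$(date -r "$epoch" '+%Y-%m-%d %H:%M:%S')</result>"
    else
        echo "<result></result>"
    fi
else
    # Elsewhere: run the parser on a constructed sample so the logic is visible.
    printf '%s\n' '<dict>' \
        '<key>passwordLastSetTime</key>' \
        '<real>1700000000.123456</real>' \
        '</dict>' | last_set_epoch
fi
```

The date format printed in the result tags is year-month-day with a 24-hour time, so the attribute can be stored as a date and compared against the rollout date.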