Password policy changed

New Contributor III

I just want to change our password policy to 12 characters length. And we wanted to to know who it will affect. Meaning if I have a password that is 16 length will it make me change it. I Wanted to see if there was a smart group or attribute that we can make to make sure that it won’t affect the people who have more than what is needed. Also I wanted to know if I do change the policy will it only affect new users or make everyone change it.


Honored Contributor
  • Who will it effect? Everyone who has a password that does not meet the complexity defined in your configuration profile
  • What devices will it effect? Every device that you scope to the configuration profile
  • What happens if a user has a more complex password than what is required? Nothing, they already meet the password requirements 
  • Will it effect new users and old users alike? Yes, it will effect every user on a device with the configuration profile installed even the management account.


You didn't mention this, but password age is a good thing to cover. I recommend setting a max password age. There is not really a way to "peek" a users password for JAMF to be able to report on anything involving passwords. Being able to use CLI to "peek" a users password would be a massive security concern. 


I cannot stress enough. Test, test and test again. A good thing about the password requirement configuration profile. If something breaks you can just remove the configuration profile and the account will work like normal again.