Posted on 06-14-2021 09:07 AM
So we've been binding Macs to Active Directory for a while and the relationship has not been smooth. FileVault and AD passwords are regularly going out of sync. I've not found a great solution to fixing it. Been having folks log in via another generic user account, just on the VPN and switch user.
Anyways, the idea we had was to create a non-AD/mobile account for the user. The problem is we need to enforce a password policy. We only want to target that local account (we have admin and service accounts on all machines). Is there a way to scope pw policies to ONE Mac user account vs the machine?
Thanks!
Posted on 06-14-2021 11:24 AM
@Switchfly_IT If all of your Macs are on macOS Catalina or above you could use Apple's Kerberos Single Sign-on Extension. Also see the Intro to Kerberos Single sign-on with Apple devices section of Apple's Deployment Reference for Mac.