We want to reset passwords to admin accounts periodically (on many computers with the same admin username), and for this purpose, thinking of something along the lines of:
Currently, the extension attribute "concept" is:
result=grep ("$(date)" /var/log/passwordresetdate.log)
[[OR stat -c stat -c '%w' MyFileName, but this is currently not working]]
The end result should be a policy that does this once in X time, and afterwards all the admin users with this username on all designated computers will have a new password. This will keep running on computers until they all have the new password (and due to this I figured we need
Will appreciate any input on how to make this process better, and if it is possible to pull the creation date from a file created (I'll use touch to create the file after the policy runs the password reset using a trigger that will run on another policy) for this purpose!
I would suggest taking a look at this https://github.com/NU-ITS/LAPSforMac
We used this (and adapted slightly) to randomize a local admin password on our machines. We previously used the LAPS utility created by Joshua Miller, but since moving away from binding our devices from AD, we had to find a different solution and this fit our needs.