using pwpolicy to require an immediate password reset

sean_pascual
New Contributor

Hey all,

I'm working on a way to put a policy in the JSS that forces a user to reset their password the next time they log out.

Previously the following script would've done the trick; however, Apple has deprecated the -setpolicy command.
pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1"

I have had a look at the following script, but it doesn't feature a one-time immediate password reset.
https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines

Does anyone have any ideas of how to accomplish the same result of pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1" with the new plist based commands?

Thanks!

2 REPLIES

gachowski
Valued Contributor II

-setpolicy "newPasswordRequired=1" is still working in High Sierra

We still use it. I think Apple wants to deprecate all of setpolicy but hasn't done the work to move the needed settings to "Account Policies". I would also guess that for security reasons we won't get all the older settings moved forward.

Long way of saying I don't think there is an easy way to do that not using -setpolicy, and I would guess we are good for another year using it.

C

sean_pascual
New Contributor

Thanks @gachowski! Will continue using it for now. :)