Skip to main content
Question

using pwpolicy to require an immediate password reset


Forum|alt.badge.img+3

Hey all,

I'm working on a way to put a policy in the JSS that forces a user to reset their password the next time they log out.

Previously the following script would've done the trick, however Apple has deprecated the -setpolicy command.
pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1"

I have had a look at the following script, but it doesn't feature a one time immediate password reset.
https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines

Does anyone have any ideas of how to accomplish the same result of pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1" with the new plist based commands?

Thanks!

2 replies

Forum|alt.badge.img+16
  • Honored Contributor
  • 1054 replies
  • October 31, 2017

-setpolicy "newPasswordRequired=1" is still working in High Sierra

We use still use it .. I think wants to deprecated all of setpolicy but hasn't done the work to move the needed setting to "Account Policies". I would also guess for security reasons we won't get all the older setting moved forward.

Long way of saying don't think there is a easy way to do that not using -setpolicy and I would guess we are good for a another year using it.

C


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • 3 replies
  • November 6, 2017

Thanks @gachowski ! Will continue using it for now. :)


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings