Posted on 05-04-2018 07:43 AM
We have a password configuration profile that locks the macOS device when the maximum number of failed attempts reaches 5. This works great. However, the user is never notified when their device is locked nor is there a way for Jamf to notify admins that the account is locked.
What is the best way to:
- Have the device notify a user when their device is locked? Maybe a login screen notification?
- Use Jamf to notify the admins that such an event occurred?
Running Jamf Pro 10.2.2
Devices are NOT joined to AD
Posted on 09-05-2018 07:03 AM
Check https://www.jamf.com/jamf-nation/discussions/26249/signing-into-icloud-in-macos-causes-failed-login-... for a bit of discussion about failed login count.
This command:
/usr/bin/dscl . -readpl /Users/<accountName> accountPolicyData failedLoginCount
will let you know the failure count. Could build out an extension attribute to collect the info (but it's on a per user level). Then create a smart group to get an email notification when someone exceeds a specific value.
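An extension attribute along the lines suggested above, as an added example that is not part of the original reply or Jamf's own code. The function names, the overridable `DSCL` variable, the UID >= 501 cutoff for regular accounts and the `failedLoginCount: N` output format are assumptions.

```shell
#!/bin/bash
# Jamf Pro extension attribute sketch: report the highest failedLoginCount
# found across local user accounts, so one value per computer can drive a
# smart group. Illustrative only; names below are hypothetical.

# Path to dscl; overridable so the parsing logic can be exercised off-device.
DSCL="${DSCL:-/usr/bin/dscl}"

# Read dscl output on stdin (assumed form: "failedLoginCount: N") and print N.
# Prints 0 when the key is missing or the value is not a plain integer.
parse_failed_count() {
    awk '/^failedLoginCount:/ { n = $2 }
         END { if (n ~ /^[0-9]+$/) print n; else print 0 }'
}

# Local accounts with UID >= 501 (assumed cutoff for regular macOS users;
# system and service accounts sit below it).
list_local_users() {
    "$DSCL" . -list /Users UniqueID 2>/dev/null | awk '$2 >= 501 { print $1 }'
}

# Walk every regular account and print the largest failure count seen.
highest_failed_login() {
    local user count top=0
    for user in $(list_local_users); do
        count=$("$DSCL" . -readpl "/Users/$user" accountPolicyData \
                    failedLoginCount 2>/dev/null | parse_failed_count)
        if [ "$count" -gt "$top" ]; then
            top=$count
        fi
    done
    echo "$top"
}

# Jamf reads the extension attribute value from the <result> tags.
echo "<result>$(highest_failed_login)</result>"
```

With the extension attribute's data type set to Integer, a smart group can match on "more than" a chosen value and send the email notification on membership change.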
Posted on 09-18-2018 02:01 PM
@sean.rabbitt are you doing this on High Sierra? I have tested this by locking my Mac, typing a wrong password 3 or 4 times, and then checking that file, and it still shows a count of 0. Any ideas why this would be? What version are you using?