Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Remote reset of user passwords on 10.14.4, broken?

I created a profile that would lock a user account after x amount of failed password attempts, then tested it and got nicely locked out. Received a msg to contact the sysadmin which is me so looked at how to unlock the account but could not find anything in Jamf Cloud or Remote, I did see a password reset option so tried that but that fails, both via Cloud as a policy and via remote.

The management password was set to random so thought I would reset that so at least I could dive in via the hidden jamf-admin account but that also fails.

I'm confused now. Does local account password resetting work via Jamf or is that broken in 10.14.4? Not just changing passwords, creating a brand new account will also fail.

Like Comment
Order by:
SOLVED Posted: by vanschip-gerard

Update. AD binding was enabled so I decided to log on via an AD account so I at least can see whats going on. It seems Jamf DOES create the accounts but the passwords I set in Jamf do not work. Even have a password that was just TEST and that still does not work.

Like
SOLVED Posted: by vanschip-gerard

Checking the jamf.log I see that it runs the policy but it fails at resetting the password. Strange enough I am able to create a new user.

Like
SOLVED Posted: by larry_barrett

Part of the problem of setting a lockout policy for that user is they are already locked out. That's what the password is for.

We just reset our passwords through AD if it comes up. You're adding an extra step (and extra work for yourself). You don't make new accounts in Jamf, you do it in Active Directory.

Best advice: In Prestage Enrollment setup an account for Administration and keep it hidden. Prestage Enrollment -> Options -> Account Settings. Stop with this local account nonsense.

Like
SOLVED Posted: by vanschip-gerard

Thanks for the helpful local account nonsense comment @larry_barrett . Sometimes you have certain restrictions to work with or around. In my case a much larger organization that insisted in renting machines from their preferred supplier resulting in machines NOT being available for DEP enrolments plus network restrictions that block access to Jamf at the first stage. Things are changing but changes are slow and for now I need a local account that I can change the password for.

I have emailed with Jamf Support and they are aware of the problem which is due to changes from Apples side. They are working on it.

Like