Help

Changing Password Configuration Profile

adam_debusscher
New Contributor

Posted on ‎10-30-2019 01:00 PM

Hi all,

I'm changing a configuration profile to exclude the local admin account for the password complexity requirements.

I'm wondering what affects this may have on existing local accounts on the MacBook. Will they be forced to change their exisiting password? Will the timer on their password policy restart?

I'm kinda nervous to hit the distribute to all right now because I'm not sure what the effect will be.

Labels:
0 Kudos
2 REPLIES 2

jhalvorson
Valued Contributor

Posted on ‎10-31-2019 01:49 PM

I could be wrong, but I don't think the policy will avoid prompting the local admin account from being required to change the password. I don't think it matters if you have it set to computer or user level.
You may want to wait for others to answer or contact Jamf support.

0 Kudos

KatieE
Contributor
Contributor

Posted on ‎10-31-2019 03:07 PM

Hi @adam.debusschere - please be cautious with this profile. If you select the Force password reset on next user authentication option, it will warn you:

This setting forces a password reset the next time the user tries to authenticate. This applies to the Jamf Management Account and all local accounts including administrators. Authentications may fail until the user's password is reset.

(Emphasis mine.) Please also note that this feature is implemented according to Apple's documentation:

If true, causes a password reset to occur the next time the user tries to authenticate. If this key is set in a device profile, the setting takes effect for all users, and admin authentications may fail until the admin user password is also reset. Available in macOS 10.13 and later.
0 Kudos