Help

Local Password Policy - non AD Macs

Go to solution
lsivier
New Contributor II

Posted on ‎05-17-2012 01:09 PM

Hi all,

I am looking for some assistance in setting up a local password policy for my Macs that are not bound to AD. Right now, they all have a generic password set, but due to increased security standards, we need them all to require a password to unlock the screensaver (which is now set to kick on after 15 minutes).

Is there a way to force a user to change that generic local password? And if there is, can we force it to match our AD password policy (8 char, 1 upper, 1 #, etc)?

I see the OS - Local Password Policy in the extension attributes, but can't decipher how to make that work on my machines.

Any help would be greatly appreciated.

Thanks.
Lindsay

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎05-17-2012 01:16 PM

Check into using pwpolicy from the command line to do this. You should be able to use it to set the password policy on the local machine.

Apple Man Page - https://developer.apple.com/library/mac/#documentation/Darwin/Reference/Manpages/man8/pwpolicy.8.htm...

An article at AFP548 - http://www.afp548.com/article.php?story=20040926173146494

And another about doing this on 10.7 - http://forums.macrumors.com/archive/index.php/t-1308882.html

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎05-17-2012 01:16 PM

Check into using pwpolicy from the command line to do this. You should be able to use it to set the password policy on the local machine.

Apple Man Page - https://developer.apple.com/library/mac/#documentation/Darwin/Reference/Manpages/man8/pwpolicy.8.htm...

An article at AFP548 - http://www.afp548.com/article.php?story=20040926173146494

And another about doing this on 10.7 - http://forums.macrumors.com/archive/index.php/t-1308882.html

0 Kudos

Go to solution
lsivier
New Contributor II

Posted on ‎05-21-2012 01:15 PM

Thanks Steve. That stuff did the trick. Still trying to figure out if I can force an upper and lowercase character, but overall, this is exactly what I was looking for.

0 Kudos

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-22-2012 07:52 AM

As far as I'm aware, pwpolicy isn't granular to the point of differentiating upper and lowercase.

0 Kudos

Go to solution
rockpapergoat
Contributor III

Posted on ‎05-22-2012 08:32 AM

check other options to see if they'll work. there's some evidence options other than the ones in the man page will work.

http://lists.apple.com/archives/fed-talk/2011/Jan/msg00032.html

note the "requiresMixedCase=1" and "requiresSymbol=1" options, specifically.

0 Kudos