01/29/2019 159 views

I've attempted many different variations of running a local administrator account password change on our Macs with Kace... such as...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo security set-keychain-password -o oldPassword -p newPassword /users/localadmin/Library/Keychains/login.keychain

or... just blowing away the keychain...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

and because we have many different passwords for the local admin account... a line for each...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword1 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword2 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword3 -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

But after running the script with Kace, I cannot su to the localadmin with "newPassword"... Or "oldPassword". So the Kscript seems to be changing the password, just not to what I am putting in the script.

I first thought it was a case of not properly escaping special characters (&^%$#!*_+) so I changed the password on a test machine to just be text and numbers. This did not help, and after running the script, I was unable to su into the localadmin account with either old or new password. The error was that I was using an incorrect password. Could this be due to character set differences? I've worn out my Google-fu on this subject.



Answer Chosen by the Author



I have an Online Shell Script and this command works perfectly for me:

/usr/bin/dscl . -passwd /Users/USERNAME password

Special characters don't affect the script, and it also works with 10.14.

Give it a try; it should work.

Answered 01/29/2019 by: horacior

  • Thanks Horacior! I wasn't hopeful because I could have sworn I tried that... But lo and behold! It worked!
  • Actually, it appears to be touch and go. Looks like it works with High Sierra, but not Mojave. Also, and more importantly, the characters do matter. I learned I had to escape the '#' that was used in a password. Also, if I used a # sign in the beginning of the password, the new user admin password was set to blank. So, be very cautious with your password special characters!
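
The last comment's observation about `#` comes from how the shell parses the script line before the command runs. The following is an added example, not code from the thread: `show_pw` is a hypothetical stand-in for `dscl . -passwd /Users/USERNAME <password>` that reports the password argument it actually received, `sq_quote` is a hypothetical quoting helper, and all passwords are constructed samples.

```shell
#!/bin/sh
# Added example. show_pw is a hypothetical stand-in for
#   dscl . -passwd /Users/USERNAME <password>
# It prints the password argument it actually received from the shell.
show_pw() {
    if [ "$#" -lt 2 ]; then
        printf '<no password argument>'
    else
        printf '%s' "$2"
    fi
}

# Evaluate one script line the way the shell would when running the script.
parse_line() {
    eval "$1"
}

# Wrap an arbitrary string in single quotes so the shell passes it verbatim.
# An embedded ' is written as '\'' (close quote, escaped quote, reopen).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

demo() {
    # Constructed sample passwords, not values from the thread.
    # 1: leading '#' starts a comment, so the password never reaches the command
    # 2: '#' inside a word is literal
    # 3: unquoted '$$' is replaced by the shell's process ID
    # 4: single-quoted via sq_quote, every character arrives unchanged
    for line in \
        'show_pw /Users/localadmin #Secret1' \
        'show_pw /Users/localadmin Sec#ret1' \
        'show_pw /Users/localadmin Secret$$1' \
        "show_pw /Users/localadmin $(sq_quote "#it's&\$\$1")"
    do
        printf '%-52s -> %s\n' "$line" "$(parse_line "$line")"
    done
}

demo
```

Single-quoting the password in the script line, as the fourth case does, removes the need to escape individual characters.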