Script dscl . -passwd change for local account with Kace SMA?

I've attempted many different variations of running a local administrator account password change on our Macs with Kace... such as...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo security set-keychain-password -o oldPassword -p newPassword /users/localadmin/Library/Keychains/login.keychain

or... just blowing away the keychain...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

and because we have many different passwords for the local admin account... a line for each...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword1 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword2 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword3 -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

But after running the script with Kace, I cannot su to the localadmin with "newPassword"... Or "oldPassword". So the Kscript seems to be changing the password, just not to what I am putting in the script.

I first thought it was a case of not properly escaping special characters (&^%$#!*_+) so I changed the password on a test machine to just be text and numbers. This did not help, and after running the script, I was unable to su into the localadmin account with either old or new password. The error was that I was using an incorrect password. Could this be due to character set differences? I've worn out my Google foo on this subject.

0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: horacior 2 years ago
Fourth Degree Green Belt

Top Answer


I have an Online Shell Script and this command works perfectly for me:

/usr/bin/dscl . -passwd /Users/USERNAME password

Special characters don't affect the script also works with 10.14.

Give it a try, It should work.

  • Thanks Horacior! I wasn't hopeful because I could have sworn I tried that... But lo and behold! It worked! - kpm8 2 years ago
  • Actually, it appears to be touch and go. Looks like it works with High Sierra, but not Mojave. Also, and more importantly, the characters do matter. I learned I had to escape the '#' that was used in a password. Also, if I used a # sign in the beginning of the password, the new user admin password was set to blank. So, be very cautious with your password special characters! - kpm8 2 years ago
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ