/build/static/layout/Breadcrumb_cap_w.png

Scripting Question


Script dscl . -passwd change for local account with Kace SMA?

01/29/2019 599 views

I've attempted many different variations of running a local administrator account password change on our Macs with Kace... such as...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo security set-keychain-password -o oldPassword -p newPassword /users/localadmin/Library/Keychains/login.keychain

or... just blowing away the keychain...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

and because we have many different passwords for the local admin account... a line for each...

sudo dscl . -passwd /Users/localadmin -o oldPassword -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword1 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword2 -p newPassword
sudo dscl . -passwd /Users/localadmin -o oldPassword3 -p newPassword
sudo rm -r /Users/localadmin/Library/Keychains/*

But after running the script with Kace, I cannot su to the localadmin with "newPassword"... Or "oldPassword". So the Kscript seems to be changing the password, just not to what I am putting in the script.

I first thought it was a case of not properly escaping special characters (&^%$#!*_+) so I changed the password on a test machine to just be text and numbers. This did not help, and after running the script, I was unable to su into the localadmin account with either old or new password. The error was that I was using an incorrect password. Could this be due to character set differences? I've worn out my Google foo on this subject.

Answer Summary:
0 Comments   [ + ] Show comments

Comments


Answer Chosen by the Author

0

Hello,

I have an Online Shell Script and this command works perfectly for me:


/usr/bin/dscl . -passwd /Users/USERNAME password


Special characters don't affect the script also works with 10.14.


Give it a try, It should work.

Answered 01/29/2019 by: horacior
Second Degree Green Belt

  • Thanks Horacior! I wasn't hopeful because I could have sworn I tried that... But lo and behold! It worked!
  • Actually, it appears to be touch and go. Looks like it works with High Sierra, but not Mojave. Also, and more importantly, the characters do matter. I learned I had to escape the '#' that was used in a password. Also, if I used a # sign in the beginning of the password, the new user admin password was set to blank. So, be very cautious with your password special characters!

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ