Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Big Sur upgrade prompting for System Administrator password reset #171

Open
joechang222 opened this issue Mar 21, 2021 · 3 comments
Open

Big Sur upgrade prompting for System Administrator password reset #171

joechang222 opened this issue Mar 21, 2021 · 3 comments
Labels
third-party issue

Comments

@joechang222
Copy link

This script is launched in Self Service by the logged in user. However, the first interaction with the upgraded OS the user is prompted to change the password for System Administrator. It appears this only occurs when there is a Maximum Passcode Age set. This is a payload previously set at enrolment time. If this setting is removed the first interaction the user is presented with is simply the logon screen and all is good. Why is there a password reset prompt for System Administrator? Is there a workaround without removing the Maximum Passcode Age setting in the Passcode payload? Is this due to the script running in the root security context?
@kc9wwh
Copy link
Owner

kc9wwh commented Mar 22, 2021

Hey, @joechang222 I haven't personally seen this but hopefully, someone can respond that has this setup configured.

@joechang222
Copy link
Author

Update: The same thing occurs when I run the startosinstall manually from terminal so it appears to have nothing to do with running in root security context. I ran the installer using:
sudo '/Applications../startosinstall' --agreetolicense --forcequitapps --nointeraction
The upgrade runs and does its thing but the first interaction is Big Sur prompting to reset the 'System Administrator' password. Prior to upgrade the Mac has Maximum Passcode Age set to 90 days but the actual number doesn't seem to make a difference. If it's set the passcode reset comes up on first sign-in. If Maximum Passcode Age is not set Big Sur simply displays the logon fields for ID and password.

@TSPARR
Copy link

TSPARR commented Mar 26, 2021

This is a Big Sur bug that Jamf is tracking as PI-009097 wherein the Passcode policy profile key, "maxPINAgeInDays", causes the additional admin account to reset its password on first login attempt. The three options that exist to resolve it are essentially:

  1. Uncheck the "Maximum Passcode Age" setting from the profile and log in with the additional admin account, it can be re-added afterwards

  2. Do not use this key in the passcode Configuration Profile

  3. Change the account's password

At least until this is resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
third-party issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kc9wwh @TSPARR @joechang222