Command Line Flags
Joshua D. Miller edited this page Jan 30, 2023
·
3 revisions
There are few command line flags that macOSLAPS currently accepts which can be called by the local admin physically or remotely accessing the machine via terminal or by your MDM of choice. All flags require a - before
| Command | Description |
|---|---|
version* |
Displays the current version of macOSLAPS and exits gracefully |
resetPassword |
Disregards the expiration date and performs a password reset. NOTE: If your administrator has a secureToken, macOSLAPS MUST know the current password either via the keychain entry or the FirstPass key in order to successfully change the password. |
getPassword |
If using the Local method, macOSLAPS will read the password and expiration date and output them to the filesystem as files temporarily. Files are deleted on next run. NOTE: This flag will do nothing if using the AD Method. |
firstPass |
Allows you to specify what the First Password is for the local admin account you want to change the password for. Using this option allows you to forego specifying the Password in the FirstPass key in the Configuration Profile. |
help* |
Displays a helpful menu of options you can specify when running macOSLAPS. Those options would be these options listed. |
* These commands DO NOT require macOSLAPS to be run as root as of 3.0.3