New Command Line Options
In macOSLAPS 3.0.0 there are now two new command line options that can be called
-firstPass
- When using this key a password reset will be triggered and the either the FirstPass configuration profile key will be used OR you can specify the FirstPass as a string in the second argument when running macOSLAPS from the command line in quotes (Example:"p938hne(P*JP(*#"
)- SideNote: The FirstPass key in the configuration profile will take precedence as most people have it configured that way at this time. If you want to specify it in the command line remove the key from the configuration profile.
-help
- Displays a help menu of ALL available macOSLAPS command line arguments
Password Requirements
New in this version you can set Password Requirements for the generated password. These requirements will allow validation of the password BEFORE it is changed and saved to Keychain (and AD if still using Active Directory). This can be performed by setting the following in config:
<key>PasswordRequirements</key>
<dict>
<key>Lowercase</key>
<integer>1</integer>
<key>Uppercase</key>
<integer>1</integer>
<key>Number</key>
<integer>1</integer>
<key>Symbol</key>
<integer>1</integer>
</dict>
With these settings in the example above your password would need to have 1 lowercase, 1 uppercase, 1 number and 1 symbol. macOSLAPS will try 10
times to validate a generated password before exiting out and logging.
Optional LaunchDaemon
With this release, you can elect to forgo the use the of the LaunchDaemon and activate macOSLAPS manually from your MDM of choice.
Bug Fixes
- Detection if the output folder for the local method is not available and will be created
- Password verification for local method when attempting to retrieve the password that is logged.
- Determining if the keychain item exists or not when attempting to retrieve the password that is also logged.
- Fix for the error of using the
paths.d/laps
file by adding/bin/chmod 744 /etc/paths.d/laps
to thepostinstall
- Local method will now actually change the password first time as there was a bug with detecting the keychain item.
Special Thanks
I sincerely appreciate the feedback and helpfulness of the community. Thanks to @franton for the Pre and PostInstall PKG scripts. I once again want to thank the entire MacAdmins community and those especially involved in the #macoslaps
channel for their feedback and encouragement.