joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a randomly generated password. Similar behavior to LAPS for Windows.
MIT License
382 stars, 57 forks

v2.1.0 pkg is not setting the right permissions on the files during installation? #56

Closed ilikebigruts closed 3 years ago

ilikebigruts commented 3 years ago

macOSLAPS not actually doing anything...(I replaced the account name in the output)

Running it via the launch daemon did not produce any error, but neither did it work:

launchctl kickstart -k -p system/edu.psu.macoslaps-check

Info|2021-07-01 09:23:26|macOSLAPS|No Preferred Domain Controller Specified. Continuing...
Warning|2021-07-01 09:23:26|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change...
Info|2021-07-01 09:23:26|macOSLAPS|Password Change is required as the LAPS password for , has expired
Info|2021-07-01 09:23:26|macOSLAPS|The local admin: has been detected to have a secureToken. Performing secure password change...
Info|2021-07-01 09:30:40|macOSLAPS|No Preferred Domain Controller Specified. Continuing...
Warning|2021-07-01 09:30:40|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change...
Info|2021-07-01 09:30:40|macOSLAPS|Password Change is required as the LAPS password for , has expired
Info|2021-07-01 09:30:40|macOSLAPS|The local admin: has been detected to have a secureToken. Performing secure password change...
Info|2021-07-01 09:49:46|macOSLAPS|No Preferred Domain Controller Specified. Continuing...
Warning|2021-07-01 09:49:47|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change...
Info|2021-07-01 09:49:47|macOSLAPS|Password Change is required as the LAPS password for , has expired
Info|2021-07-01 09:49:47|macOSLAPS|The local admin: has been detected to have a secureToken. Performing secure password change...

But I get an error when running "macOSLAPS" as root from the command line:

Info|2021-07-01 09:10:18|macOSLAPS|No Preferred Domain Controller Specified. Continuing...
Warning|2021-07-01 09:10:18|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change...
Info|2021-07-01 09:10:18|macOSLAPS|Password Change is required as the LAPS password for , has expired
Info|2021-07-01 09:10:18|macOSLAPS|The local admin: has been detected to have a secureToken. Performing secure password change...
2021-07-01 09:10:18.897 macOSLAPS[5583:62046] Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'launch path not accessible'
First throw call stack:
(
    0   CoreFoundation      0x00007fff326b2627 __exceptionPreprocess + 250
    1   libobjc.A.dylib     0x00007fff6b5925bf objc_exception_throw + 48
    2   Foundation          0x00007fff34d75a4d -[NSConcreteTask launchWithDictionary:error:] + 5213
    3   macOSLAPS           0x000000010e28f9c8 $s9macOSLAPS5ShellC3run10launchPath9argumentsS2S_SaySSGtFZ + 648
    4   macOSLAPS           0x000000010e28d770 $s9macOSLAPS15KeychainServiceC12loadPassword7serviceSSSg_AFtSS_tFZ + 5760
    5   macOSLAPS           0x000000010e298459 $s9macOSLAPS7ADToolsC15password_change15computer_recordySaySo8ODRecordCG_tFZ + 1177
    6   macOSLAPS           0x000000010e283baa $s9macOSLAPSAAyyF + 9082
    7   macOSLAPS           0x000000010e2809c4 main + 20
    8   libdyld.dylib       0x00007fff6c73acc9 start + 1
    9   ???                 0x0000000000000001 0x0 + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
zsh: abort      macOSLAPS

The reason, launch path not accessible, made me think of permissions, so I had a look at the permissions on the laps dir:

ls -las /usr/local/laps
   0 drwxr-x-wx+  4 root  wheel     128  1 Jul 09:09 .
   0 drwxr-xr-x   7 root  wheel     224  1 Jul 08:55 ..
1264 -rwxr-xr-x   1 root  wheel  645728 30 Jun 02:37 macOSLAPS
 744 -rw-r--r--   1 root  wheel  378464 18 Jun 16:55 macOSLAPS-repair

macOSLAPS-repair didn't look right so I did: chmod 755 /usr/local/laps/macOSLAPS-repair

and tried again and it worked.

So it looks like the pkg is not setting the right permissions on the files during installation.
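The diagnosis above is a by-hand permission audit of the install directory. The following script is an added example, not part of the macOSLAPS project, that automates the same check: for every file in the install directory (assumed to be /usr/local/laps, the path from the report) it flags a binary that is not executable (the condition behind NSTask's "launch path not accessible"), one not owned by the expected owner, or one that is group- or world-writable, and it also flags a world-writable directory, since the ls output above shows the directory itself carrying o+wx. On macOS it additionally prints the Gatekeeper verdict via spctl, because a file that is executable can still be refused for lack of notarization, which is the second failure mode reported in this thread.

```shell
#!/bin/sh
# Added example, not macOSLAPS project code. Audits the files an installer
# dropped into the macOSLAPS directory and reports anything that would stop
# macOSLAPS from launching its helper or that weakens the install.
# Returns 0 when everything looks right, 1 otherwise.

laps_check_perms() {
    laps_dir="${1:-/usr/local/laps}"     # install dir used in the report above
    laps_owner="${2:-root}"              # expected owner of the binaries
    laps_bad=0

    if [ ! -d "$laps_dir" ]; then
        echo "MISSING DIR: $laps_dir"
        return 1
    fi

    # A world-writable install dir lets any local user swap the binaries that
    # later run as root; the ls output in the report shows o+wx on the dir.
    if [ -n "$(find "$laps_dir" -maxdepth 0 -perm -o+w)" ]; then
        echo "WORLD-WRITABLE DIR: $laps_dir (fix: chmod 755 \"$laps_dir\")"
        laps_bad=1
    fi

    for laps_file in "$laps_dir"/*; do
        [ -f "$laps_file" ] || continue

        # No execute bit: NSTask cannot launch it ("launch path not accessible").
        if [ ! -x "$laps_file" ]; then
            echo "NOT EXECUTABLE: $laps_file (fix: chmod 755 \"$laps_file\")"
            laps_bad=1
        fi

        # Owner check via ls, which parses the same way on macOS and Linux.
        laps_actual_owner=$(ls -ld "$laps_file" | awk '{print $3}')
        if [ "$laps_actual_owner" != "$laps_owner" ]; then
            echo "WRONG OWNER: $laps_file owned by $laps_actual_owner, expected $laps_owner"
            laps_bad=1
        fi

        # Group- or world-writable binaries can be replaced by non-root users.
        if [ -n "$(find "$laps_file" -perm -g+w -o -perm -o+w)" ]; then
            echo "WRITABLE BINARY: $laps_file (fix: chmod 755 \"$laps_file\")"
            laps_bad=1
        fi

        # macOS only: Gatekeeper assessment of a command-line tool. An
        # executable file can still be refused if it is not notarized.
        if command -v spctl >/dev/null 2>&1; then
            echo "GATEKEEPER: $laps_file: $(spctl --assess --type execute -v "$laps_file" 2>&1)"
        fi
    done
    return "$laps_bad"
}
```

Source the file and run `laps_check_perms` with no arguments to audit /usr/local/laps for root-owned binaries, or pass a directory and owner to check a staging copy; the function prints one line per finding and its exit status is non-zero when any finding exists, so it can sit in a postinstall step or a compliance check.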

ilikebigruts commented 3 years ago

More testing: the permission fix didn't work on macOS 11. After the permission change it now gives a different error: macOSLAPS-repair can't be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.

So I changed it back and am still getting the following error on macOS 11:

macOSLAPS
Info|2021-07-01 10:56:49|macOSLAPS|No Preferred Domain Controller Specified. Continuing...
Info|2021-07-01 10:56:49|macOSLAPS|Password Change is required as the LAPS password for , has expired
Info|2021-07-01 10:56:49|macOSLAPS|The local admin: has been detected to have a secureToken. Performing secure password change...
2021-07-01 10:56:49.428 macOSLAPS[39489:889233] Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'launch path not accessible'
First throw call stack:
(
    0   CoreFoundation      0x0000000184414c78 __exceptionPreprocess + 240
    1   libobjc.A.dylib     0x000000018413d0a8 objc_exception_throw + 60
    2   Foundation          0x00000001851c22b4 -[NSConcreteTask launchWithDictionary:error:] + 4548
    3   macOSLAPS           0x0000000104a30844 $s9macOSLAPS5ShellC3run10launchPath9argumentsS2S_SaySSGtFZ + 492
    4   macOSLAPS           0x0000000104a2ea10 $s9macOSLAPS15KeychainServiceC12loadPassword7serviceSSSg_AFtSS_tFZ + 4756
    5   macOSLAPS           0x0000000104a37c14 $s9macOSLAPS7ADToolsC15password_change15computer_recordySaySo8ODRecordCG_tFZ + 1032
    6   macOSLAPS           0x0000000104a26444 $s9macOSLAPSAAyyF + 6952
    7   macOSLAPS           0x0000000104a23a14 main + 12
    8   libdyld.dylib       0x00000001842b5450 start + 4
)
libc++abi: terminating with uncaught exception of type NSException
Abort trap: 6

ilikebigruts commented 3 years ago

So, in summary, chmod 755 /usr/local/laps/macOSLAPS-repair appears to fix the error on macOS 10.15 but not on macOS 11.

joshua-d-miller commented 3 years ago

Thank you for this information. Please try the latest build and let me know if it works better for you. Unfortunately my previous employer revoked my certificate, and builds on macOS 11 or higher require notarization, it seems.

ilikebigruts commented 3 years ago

That's working now, tested on macOS 10.15 and macOS 11 (Intel and ARM). Thanks, macOSLAPS is an awesome utility.