joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
382 stars 57 forks

Configuration Profile Set to "Local" but macosLAPS thinks it is bound to AD #92

Open brianhm opened 1 year ago

brianhm commented 1 year ago

Ventura 13.2.1 13-inch Retina MacBook Pro with TouchID (Mid 2017)

Script result:

```
Info|2023-02-15 16:58:48|macosLAPS|the -firstPass argument was invoked. Using the Configuration Profile specified password or the argument password that was specified.
Error|2023-02-15 16:58:48|macosLAPS|This machine does not appear to be bound to Active Directory
```

Configuration Profile Used:

Domain: edu.psu.macoslaps

```
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

DaysTillExpiration 1
LocalAdminAccount servicedesk
PasswordLength 14
RemovePassChars {}[]|
Method Local
PasswordRequirements
    Lowercase 2
    Uppercase 2
    Number 2
    Symbol 2
```

Script:

```bash
#!/bin/bash
# Remove the LaunchDaemon
launchctl unload /Library/LaunchDaemons/edu.psu.macoslaps-check.plist
launchctl remove /Library/LaunchDaemons/edu.psu.macoslaps-check.plist
rm -rf /Library/LaunchDaemons/edu.psu.macoslaps-check.plist
# Run the initial macOS LAPS Password Set
/usr/local/laps/macosLAPS -firstPass "adminpassword123" -resetPassword
exit 0
```

Confirmed that the Configuration Profile was successfully deployed to the machine with settings above by checking in Profiles.

joshua-d-miller commented 1 year ago

Hello there!

I actually just did a quick test of this and I'm curious if you might have the macOSLAPS plist in multiple places. You said you had a configuration profile but I'm curious if you may also have settings defined in /Library/Preferences/edu.psu.macoslaps which might be conflicting which is why it might be attempting to use Active Directory.

Thanks!

brianhm commented 1 year ago

Does the installation package create a plist as part of that process? I didn't install or create one at any point. I just installed the package, have a script that deletes the LD, and a config profile that is deployed to the system prior to the install. And no, I do not see that preferences file in Library -> Prefs

joshua-d-miller commented 1 year ago

@brianhm,

Interesting, it should pull whatever is in the configuration profile. Would you mind posting the sanitized plist?

Thanks!

aporzio1 commented 1 year ago

I get the same error. I made a configuration profile and just double-clicked it, though. Will it make a difference vs. being deployed by MDM?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>DaysTillExpiration</key>
            <integer>30</integer>
            <key>FirstPass</key>
            <string>Passwordpassword01</string>
            <key>LocalAdminAccount</key>
            <string>localadmin</string>
            <key>Method</key>
            <string>Local</string>
            <key>PasswordGrouping</key>
            <integer>5</integer>
            <key>PasswordLength</key>
            <integer>25</integer>
            <key>PasswordRequirements</key>
            <dict>
                <key>Lowercase</key>
                <integer>3</integer>
                <key>Number</key>
                <integer>3</integer>
                <key>Uppercase</key>
                <integer>3</integer>
            </dict>
            <key>PasswordSeparator</key>
            <string>-</string>
            <key>PayloadDisplayName</key>
            <string>macOS LAPS</string>
            <key>PayloadIdentifier</key>
            <string>edu.psu.macoslaps.6187ACD2-4E8D-49A4-801A-E13F346C8287</string>
            <key>PayloadType</key>
            <string>edu.psu.macoslaps</string>
            <key>PayloadUUID</key>
            <string>6187ACD2-4E8D-49A4-801A-E13F346C8287</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Untitled</string>
    <key>PayloadIdentifier</key>
    <string>Andrews-MacBook-Pro.33FA1433-9DE2-4E47-9A29-9B8CBE2F5E72</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>33FA1433-9DE2-4E47-9A29-9B8CBE2F5E72</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

joshua-d-miller commented 5 months ago

Hi there,

I'm sorry for the delayed response. Would you mind trying the pre-release 4.0.0 version and letting me know if it works for you? Your profile looks correct; however, are you specifying the PLIST anywhere else?

Thanks!
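
The maintainer's question about the `edu.psu.macoslaps` settings being defined in more than one place can be checked offline by comparing the two files. This is an added example, not part of the thread or the macOSLAPS project: it runs Python's `plistlib` over two constructed samples (a trimmed profile shaped like the one posted above and a hypothetical leftover `/Library/Preferences` plist), and the function names are hypothetical.

```python
import plistlib

DOMAIN = "edu.psu.macoslaps"

# Constructed sample: trimmed configuration profile shaped like the one posted above.
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>edu.psu.macoslaps</string>
    <key>Method</key><string>Local</string>
    <key>LocalAdminAccount</key><string>localadmin</string>
    <key>PasswordLength</key><integer>25</integer>
  </dict></array>
  <key>PayloadType</key><string>Configuration</string>
</dict></plist>"""

# Constructed sample: hypothetical leftover /Library/Preferences/edu.psu.macoslaps.plist.
# The "AD" value is made up for illustration.
LOCAL = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Method</key><string>AD</string>
  <key>PasswordLength</key><integer>25</integer>
</dict></plist>"""

def profile_settings(profile_bytes, domain=DOMAIN):
    """Settings from the first payload whose PayloadType equals the domain."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == domain:
            # Drop the Payload* bookkeeping keys, keep the actual settings.
            return {k: v for k, v in payload.items() if not k.startswith("Payload")}
    return {}

def conflicts(profile_bytes, local_bytes):
    """Keys set in both sources with different values: {key: (profile, local)}."""
    managed = profile_settings(profile_bytes)
    local = plistlib.loads(local_bytes)
    return {k: (managed[k], local[k])
            for k in sorted(managed.keys() & local.keys())
            if managed[k] != local[k]}

if __name__ == "__main__":
    print("profile settings:", profile_settings(PROFILE))
    for key, (prof, loc) in conflicts(PROFILE, LOCAL).items():
        print(f"CONFLICT {key}: profile={prof!r} local plist={loc!r}")
```

The script only reports where the two files disagree; it does not say which source macOSLAPS itself reads first.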