kc9wwh
commented
3 years ago Hey, @joechang222 I haven't personally seen this but hopefully, someone can respond that has this setup configured.
Open joechang222 opened 3 years ago
kc9wwh
commented
3 years ago Hey, @joechang222 I haven't personally seen this but hopefully, someone can respond that has this setup configured.
joechang222
commented
3 years ago Update: The same thing occurs when I run the startosinstall manually from terminal so it appears to have nothing to do with running in root security context. I ran the installer using: sudo '/Applications../startosinstall' --agreetolicense --forcequitapps --nointeraction The upgrade runs and does its thing but the first interaction is Big Sur prompting to reset the 'System Administrator' password. Prior to upgrade the Mac has Maximum Passcode Age set to 90 days but the actual number doesn't seem to make a difference. If it's set the passcode reset comes up on first sign-in. If Maximum Passcode Age is not set Big Sur simply displays the logon fields for ID and password.
TSPARR
commented
3 years ago This is a Big Sur bug that Jamf is tracking as PI-009097 wherein the Passcode policy profile key, "maxPINAgeInDays", causes the additional admin account to reset its password on first login attempt. The three options that exist to resolve it are essentially:
Uncheck the "Maximum Passcode Age" setting from the profile and log in with the additional admin account, it can be re-added afterwards
Do not use this key in the passcode Configuration Profile
Change the account's password
At least until this is resolved.
This script is launched in Self Service by the logged in user. However, the first interaction with the upgraded OS the user is prompted to change the password for System Administrator. It appears this only occurs when there is a Maximum Passcode Age set. This is a payload previously set at enrolment time. If this setting is removed the first interaction the user is presented with is simply the logon screen and all is good. Why is there a password reset prompt for System Administrator? Is there a workaround without removing the Maximum Passcode Age setting in the Passcode payload? Is this due to the script running in the root security context?