How to set up a mobile account password policy in MacOs?

R

Rasty2020-07-31 07:52:00

Active Directory

Rasty, 2020-07-31 07:52:00

I have the latest version of macos 10.15.6 associated with the ActiveDirectory domain. In order for the user to log in under his domain account on a poppy, after his first login, a mobile account is created.
But many users do not like to enter strong passwords and at home they change it to something like 12345. After some time, perhaps after coming to the office, they cannot log into their account. I assume that the password does not fall under the domain password policy and it is reset back to the domain.
Question: Is it possible to set up a local mobile account password policy in MacOs so that the user cannot set a simple password.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

E

elbrus56, 2020-07-31
@elbrus56

The most comprehensive article is macadminsdoc.readthedocs.io/en/master/Integration/...
If the Mac is linked to a domain, then the password policy comes from the domain, and if you change the password of a domain user, then a request for a new one will appear only at the next login + notification from a bunch of keys.
Entering Macs into a domain is, although supported, but not the most trending technology.
For your purposes, it is better to use a combination of MDM + Nomad
MDM will provide a password policy, and Nomad will help with access to corporate resources without being tied to a domain.
By the way, the same Nomad synchronizes the AD password with the local password, so when you change the local password, it will sooner or later turn into a domain one again.