Centrify DirectControl for Mac OS XQuestion:
Does Centrify have group policy options to manage or customize the password reminder prompt for Mac OS X?Answer:
- Centrify DirectControl has several policy options to enable message prompts for different account conditions including password error, password expiration and account lockout.
- However, only the "Set password expiry approaching text" will produce a prompt at the main GUI login screen.
- The other messages will only appear for command-line logins, such as when using SSH or Terminal to log an AD account into the Mac.
The prompt only appears during login - it does NOT appear when switching between user sessions via Fast User Switching as those are not user logins.
The GP can be found at:
- Computer Configuration / Centrify Settings / DirectControl Settings / Password Prompts / "Set password expiry approaching text"
(Note: The centrifydc_settings.xml
template needs to be added into the GPO for this policy to be visible)
By default, the reminder prompt is set to appear 14 days before the users password is due to expire.
This value can also be configured via the GP at:
- Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options / "Interactive Logon: Prompt user to change password before expiration"
Note that the above settings can also be manually configured on a per-machine basis by editing the configuration file at: /etc/centrifydc/centrifydc.conf
Search for the following parameters within the file for a description of how to configure them: