This repository has been archived by the owner on Nov 14, 2017. It is now read-only.

Customization

Peter Bukowinski edited this page Oct 8, 2015 · 10 revisions

Customizing ADPassMon

ADPassMon has a few custom options that are not exposed via the preferences window. You must write these options directly into ADPassMon's preference plist file, found here: ~/Library/Preferences/org.pmbuko.ADPassMon.plist

Skip Accessibility Check

If you want to keep the Accessibility setup dialog box from appearing when your users first run ADPassMon, you can set the accTest preference value to 0 to disable it.

defaults write org.pmbuko.ADPassMon accTest 0

Change Password Mode

You can set the method that ADPassMon uses to change passwords with this command, using a value of 1 for the native OS method or 2 for the ADPassMon method. This option is available in the preferences window.

defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2

Keychain Info Dialog

If you’ve used Keychain Minder, but have changed the text that it displays, you can set a dialog box to appear before the keychain lock page by setting the following:

defaults write org.pmbuko.ADPassMon keychainPolicy "<some text>"

Password Policy Reminder

If you are an administrator and need an easy way to remind your users of your organization's password complexity requirements, you can enable the password policy reminder feature by defining a pwPolicy key in ADPassMon's plist file. You can do this either by editing the plist file directly with a plist editor (Xcode works well for this), or by setting the content of the reminder message in the terminal as follows:

defaults write org.pmbuko.ADPassMon pwPolicy "Your password requirement message goes here."

The password policy reminder dialog button's default text is "OK", but you can change it as follows:

defaults write org.pmbuko.ADPassMon pwPolicyButton "<button title here>"

When the pwPolicy value is set, a policy reminder alert like the one below will appear when you select Change Password from the ADPassMon menu. You must click the single button before you can change your password.

[Image: password policy dialog]

Password Change Website

If your organization uses a web-based password management tool, you can add a button to the password policy dialog that will take your users to that site. You can also choose which browser to use if your site only supports Firefox, for example.

defaults write org.pmbuko.ADPassMon pwPolicyURLButton "<url button name>"
defaults write org.pmbuko.ADPassMon pwPolicyURLButtonURL "<some url>"
defaults write org.pmbuko.ADPassMon pwPolicyURLBrowser "<browser name>"

Disable password changes through ADPassMon

You may not wish the user to change their password via ADPassMon at all (for example, if your users are required to use a website). You can set this with the following command or via MCX. Any password policy options you've set will still appear, but when the user clicks “OK” the dialog box is dismissed & no further action is taken. This option is available in the preferences window.

defaults write org.pmbuko.ADPassMon allowPasswordChange -bool "<boolean value>"

Lock out the Preferences window

If you wish to prevent your users from changing settings, you can disable access to the Preferences window. (Note: Users will still be able to enable or disable Notification Center alerts via the menu option.)

defaults write org.pmbuko.ADPassMon prefsLocked true

Enable Keychain Lock Check

On launch, ADPassMon will check to see if the user's keychain is locked. This is performed by trying to unlock the user's keychain. If it cannot, the user is prompted to update it. Enable this option with the following command:

defaults write org.pmbuko.ADPassMon enableKeychainLockCheck -bool true

Expiration Check Interval

By default, ADPassMon updates password expiration information every 4 hours, but you can change it with the following command. (This option is accessible via the preferences window.)

defaults write org.pmbuko.ADPassMon passwordCheckInterval -int "<interval in hours>"

Enable Running for Local Accounts

By default, ADPassMon will not run if the logged in account is a local (non-AD) account. To override this and have ADPassMon run as if the account were an AD account (for example, if the computer is bound and your local account name matches your AD account name), use the following command:

defaults write org.pmbuko.ADPassMon runIfLocal -bool true
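
The following is an added example, not part of ADPassMon or of the original page: a dry-run helper that combines several of the options above (policy reminder, password change website, disabled in-app password changes, check interval, locked preferences) into one validated set of commands. The function names, the https-only rule and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not ADPassMon code. Prints the commands; nothing is written.
DOMAIN="org.pmbuko.ADPassMon"

# Single-quote a value so it survives being pasted into a shell unchanged.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# adpassmon_web_only MESSAGE BUTTON_TITLE URL INTERVAL_HOURS
# Returns 1 and prints no commands if any argument fails validation.
adpassmon_web_only() {
    msg=$1 title=$2 url=$3 hours=$4
    if [ -z "$msg" ] || [ -z "$title" ]; then
        echo "message and button title must not be empty" >&2; return 1
    fi
    # Assumed rule: users type their AD password on this site, so require https.
    case $url in
        https://?*) ;;
        *) echo "refusing non-https URL: $url" >&2; return 1 ;;
    esac
    # passwordCheckInterval is written with -int: positive whole hours only.
    case $hours in
        ''|0*|*[!0-9]*) echo "bad interval: $hours" >&2; return 1 ;;
    esac
    printf 'defaults write %s pwPolicy %s\n' "$DOMAIN" "$(shquote "$msg")"
    printf 'defaults write %s pwPolicyURLButton %s\n' "$DOMAIN" "$(shquote "$title")"
    printf 'defaults write %s pwPolicyURLButtonURL %s\n' "$DOMAIN" "$(shquote "$url")"
    printf 'defaults write %s allowPasswordChange -bool false\n' "$DOMAIN"
    printf 'defaults write %s passwordCheckInterval -int %s\n' "$DOMAIN" "$hours"
    printf 'defaults write %s prefsLocked true\n' "$DOMAIN"
}

# Constructed sample values; password.example.com is a placeholder host.
adpassmon_web_only "Passwords need 12+ characters. Don't reuse old ones." \
    "Open password portal" "https://password.example.com/change" 4
```

Review the printed commands, then run them in the target user's session on the Mac.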