Skip to content

@joshua-d-miller joshua-d-miller released this Aug 15, 2019

Another maintenance release for macOSLAPS that places the Mac Developer certificate back on the binary which will expire on July 26, 2020. This will resolve any issues with accessing the keychain item of the stored secureToken password. Special thanks to Rick007 for testing the changes.

Assets 3

@joshua-d-miller joshua-d-miller released this Jul 29, 2019

This is another maintenance release of macOSLAPS. This release is signed with the new certificate and was built with Xcode 10.1 as this version of Xcode was the last version to allow the building of a Swift binary with the built-in libraries for backward compatibility. Newer versions of Xcode do not include these libraries as they are built into macOS 10.14.4 and above.

Assets 3

@joshua-d-miller joshua-d-miller released this Jul 25, 2019

This is a minor update to macOSLAPS that re-signs the binary as the certificate used originally to sign the binary was revoked. Please update to this version to continue using.

Assets 3

@joshua-d-miller joshua-d-miller released this Feb 7, 2019 · 3 commits to master since this release

Welcome to the latest release of macOSLAPS. I have highlighted the fixes and new features below:
Note: Seems like the package didn't build right so I'm reuploading the pkg. Same version.

Changes in 1.1.1 Build 223:

  • secureToken/FileVault Support
    • With this release, the secureToken admin can be updated. In order to achieve this, we will be now writing the randomized password to the System keychain. To utilize this feature you will need to specify the FirstPass property in your configuration profile with the password that is initially set for the admin user with a secureToken. This will be read in once, then from that point forward, the system keychain entry will be used. Additionally, I have implemented to look for secureToken if macOS is 10.13.x or later. In older version of macOS we will check to make sure the user is a FileVault user so being able to use your LAPS admin on any version of macOS 10.10 or higher should be possible.
  • Preferred Domain Controller
    • You can now specify a domain controller in macOSLAPS by adding the PreferredDC property to your configuration profile. This will then connect to this particular server when performing the password change.
  • Writable DC Check Fixed
    • Thanks to Peter Szul from the MacAdmins Slack, it was determined that when a machine is newly bound that the expiration time is an invalid date of 01/01/0001 12:00:00 AM. Since this will obviously fail, I have gone ahead and implemented an additional check when this happens to try writing a burner password since we will be changing the password anyway.
  • New check version option
    • You can now check the version of macOSLAPS by running /usr/local/laps/macOSLAPS -version

Please test in your environment and please let me know on the #macosLAPS Slack if you run into any issues.

Assets 3
Feb 7, 2019
Merge remote-tracking branch 'refs/remotes/origin/master'
Pre-release

@joshua-d-miller joshua-d-miller released this Feb 1, 2019 · 7 commits to master since this release

This is a newly built release candidate for macOSLAPS

Changes in 1.0.6 Build 205:

  • secureToken Support
    • With this release the secureToken admin can be updated. In order to achieve this, we will be now writing the randomized password to the System keychain. To utilize this feature you will need to specify the FirstPass property in your configuration profile with the password that is initially set for the admin user with a secureToken. This will be read in once, then from that point forward, the system keychain entry will be used.
  • Preferred Domain Controller
    • You can now specify a domain controller in macOSLAPS by adding the PreferredDC property to your configuration profile. This will then connect to this particular server when performing the password change.
  • Writable DC Check Fixed
    • Thanks to Peter Szul from the MacAdmins Slack, it was determined that when a machine is newly bound that the expiration time is an invalid date of 01/01/0001 12:00:00 AM. Since this will obviously fail, I have gone ahead and implmented an additional check when this happens to try writing a burner password since we will be changing the password anyway.

Please test in your environment and please let me know on the #macosLAPS Slack if you run into any issues.

Assets 3
Feb 6, 2019
Merge remote-tracking branch 'refs/remotes/origin/master'
Feb 1, 2019
Merge remote-tracking branch 'refs/remotes/origin/master'

@joshua-d-miller joshua-d-miller released this Nov 15, 2018 · 17 commits to master since this release

This new build has changed the keychain function to pull the NFSHomeDirectory attribute BEFORE appending the "/Library/Keychains" path since some local admin accounts are not always located in the "/Users" folder this should solve issue #23.

Signing for the package as well as the binary has been changed to The Pennsylvania State University.

Assets 3

@joshua-d-miller joshua-d-miller released this Mar 9, 2018 · 22 commits to master since this release

This new build is a small update for the code to Swift 4 and should resolve issue #14. I have also added a check to make sure we can write to the directory by pulling the Expiration Time and then writing it back to the computer record as we should have write access to do so before performing the password change. I have also changed the password change logic to change the local admin password FIRST in Active Directory before changing it locally which should resolve issue #8. Please download and give this a try.

--Updated May 7, 2018 - Fixed a bug that would cause the executable to crash if Active Directory was not available because we are now specifying the direct path. Should address issue #17. Also added the new plist that will make it run every 90 minutes. Fixed small typos and made the Active Directory not available message report as error.

Assets 3
You can’t perform that action at this time.