@joshua-d-miller
Last active October 22, 2023 11:46
Reset macOSLAPS back to the FirstPass key if you know the current password and the keychain item is broken
#!/bin/sh
: '
----------------------
Penn State MacAdmins
----------------------
Performs the following:
- Captures the current password of your local admin
if you know it and then changes the password to
the FirstPassKey
Notes:
- Starts at $4 variables to accommodate Jamf Pro
- $4 should be the location of your PLIST whether in
Managed Preferences MDM or just Preferences
Sources:
- https://github.com/homebysix/jss-filevault-reissue/blob/main/reissue_filevault_recovery_key.sh
- https://stackoverflow.com/questions/4780893/use-expect-in-a-bash-script-to-provide-a-password-to-an-ssh-command
-------------------------------------
Joshua D. Miller - josh@psu.edu
The Pennsylvania State University
Last Update: July 25, 2021
-------------------------------------
'
# Get the logged in user's name
CURRENT_USER=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')
# Get User ID
USER_ID=$(/usr/bin/id -u "$CURRENT_USER")
# Current Configured Admin Account
ADMIN_TO_RESET=$(/usr/bin/defaults read "$4" LocalAdminAccount)
# Set New Password to FirstPass Key
FIRST_PASSWORD=$(/usr/bin/defaults read "$4" FirstPass)
# Capture Old Password
OLD_PASSWORD="$(/bin/launchctl "asuser" "$USER_ID" sudo -u "$CURRENT_USER" /usr/bin/osascript -e 'display dialog "Please enter the current Local or AD Password for '"$ADMIN_TO_RESET"':" default answer "" with title "macOSLAPS Password Rotation Reset" with text buttons {"OK"} default button 1 with hidden answer' -e 'return text returned of result')"
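# Escape the characters Tcl interprets inside the double-quoted send strings
# below (backslash, $, [ and "); FirstPass is interpolated the same way
OLD_PASSWORD=$(printf '%s\n' "$OLD_PASSWORD" | sed -e 's/[]\\$"[]/\\&/g')
FIRST_PASSWORD=$(printf '%s\n' "$FIRST_PASSWORD" | sed -e 's/[]\\$"[]/\\&/g')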
# Perform the Password Change
/usr/bin/expect << EOF
spawn /usr/bin/passwd "$ADMIN_TO_RESET"
expect "Changing password for*"
expect "Old Password:"
# The -- flag keeps send from treating a password that starts with a dash as an option
send -- "$OLD_PASSWORD\r"
expect "New Password:"
send -- "$FIRST_PASSWORD\r"
expect "Retype New Password:"
send -- "$FIRST_PASSWORD\r"
# Wait for passwd to exit
expect eof
EOF
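
Values interpolated into the expect heredoc are parsed by Tcl inside double quotes, so a backslash, `$`, `[` or `"` in either password needs a backslash in front of it. The following added example (not part of the gist) compares the regex-metacharacter set `[]\/$*.^[]` with a set covering those Tcl characters; the function names and sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. All passwords are constructed samples.

# Escaping with the regex-metacharacter set; a double quote is not in it.
escape_regex_set() {
    printf '%s\n' "$1" | sed -e 's/[]\/$*.^[]/\\&/g'
}

# Escape the characters Tcl interprets inside a double-quoted word:
# backslash, dollar sign, open bracket and the double quote itself.
# The close bracket is escaped too, which is harmless.
escape_tcl() {
    printf '%s\n' "$1" | sed -e 's/[]\\$"[]/\\&/g'
}

# Exit 0 when the text still holds a double quote that is not part of a
# backslash escape; such a quote would close the Tcl string early.
has_bare_quote() {
    printf '%s\n' "$1" | sed -e 's/\\.//g' | grep -q '"'
}

# Print the expect "send" line the heredoc would contain for one value.
send_line() {
    printf 'send -- "%s\\r"\n' "$1"
}

# Run both escapers over one password and show the resulting send line.
report() {
    for fn in escape_regex_set escape_tcl; do
        escaped=$("$fn" "$1")
        if has_bare_quote "$escaped"; then verdict="UNSAFE"; else verdict="ok"; fi
        printf '%-16s %-7s %s\n' "$fn" "$verdict" "$(send_line "$escaped")"
    done
}

report 'Tr0ub"4dor'   # constructed: contains a double quote
report 'pa$$[w0rd]'   # constructed: Tcl substitution characters
```

The same escaping has to be applied to every value placed inside a `send "..."` string, including the FirstPass value read from the plist.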