Feature Request: Force password change at first login

Being able to force a password change at first login would be a handy feature when creating a user account using a generic password.

I've experimented with doing this in macOS 10.15.6 using a com.apple.mobiledevice.passwordpolicy profile though it appears that payload can only be applied to an individual user when that user is currently logged in.

[gregneagle]

This is not a feature I need, nor one I know how to implement. I'd be happy to review a Pull Request that implemented such functionality. Installing a config profile using the profiles command is a dead-end, though, since that functionality is removed in Big Sur.

[jelockwood]

@serrc-techops The following won't help you except prevent you wasting time.

macOS has a pwpolicy command you could run in a script via which in theory you can trigger the need for the user to change their password on next login. Unfortunately Apple broke this in Catalina, in Catalina if you use it it screws up the user account and this then requires resetting the password via a normal mechanism e.g. System Preferences from another admin account.