Category filter
How to reset macOS user password?
The Change Password remote action in Hexnode UEM allows IT administrators to centrally reset user account passwords on managed macOS devices by authenticating with a secure token-enabled local administrator account.
Why remotely reset macOS passwords?
Centralized password management ensures secure and prompt access delegation during employee role changes, departures, or new user onboarding, eliminating the need for physical access to each Mac device.
Prerequisites
| Prerequisite | Description |
|---|---|
| APNs | Apple Push Notification service (APNs) must be configured and active in the Hexnode UEM console. |
| Device Enrollment | The macOS device must be enrolled in Hexnode UEM. |
| Admin Credentials | The action requires the username and password of a secure token-enabled local administrator account existing on the target device. |
Step-by-Step: Resetting macOS User Password
Administrators can reset passwords for individual devices or in bulk directly from the Hexnode console.
- Log in to your Hexnode UEM console.
- Navigate to Manage > Devices.
- Select the macOS device(s) for which you want to reset the user password.
- Click Actions.
- Navigate to Policies & Accounts actions > Manage user account > macOS > Change Password.
- Configure the Admin Account Credentials. Enter the username and password of an existing admin on that Mac. (This is required by Apple’s security framework to “unlock” the password change)
- Enter the Target Account Details (see tables below).
- Click Done (or the confirmation button) to execute the command.
Configuration Parameters
To successfully reset the password, you must first authenticate using local admin credentials and then define the target user account.
Admin Account Credentials
Enter the details of the secure token-enabled administrator account to authorize the reset.
| Setting | Description |
|---|---|
| Username | Enter the username of the administrator account.
Note:
|
| Password | Enter the correct password for the specified administrator account. |
Target Account Details
Define which user account(s) will have their password reset and specify the new credentials.
| Setting | Description |
|---|---|
| Target based on | Select the method to identify the user account:
|
| New Password | Specify the new password for the target account(s). |
| Password Hint | Enter a hint to help users recall the password. This appears after three failed login attempts or when clicking the question mark icon. |
Important Note on Special Characters:
When setting a new password, it is recommended to exclude the following special characters to prevent encoding issues:
¡, ™, £, ¢, ∞, §, ¶, •, ª, º, –, ≠, «, ‘, “, æ, …, ÷, ≥, ≤
Alternative Method: Using Custom Scripts
For advanced workflows or bulk resets, Hexnode supports Bash scripts.
Learn more about the script to change user password on Mac.
Admins can deploy this via the Execute Custom Script action for precise control over the User management.
What Happens at the Device End?
Once the Change Password action is successfully executed:
- The password for the targeted account is updated immediately.
- The user must enter the new password during their next login attempt.
Frequently Asked Questions (FAQ)
What credentials are required to reset a macOS user password via Hexnode?
You must provide the credentials (username and password) of a secure token-enabled local administrator account that already exists on the target macOS device.
Are there any restrictions on characters used in the new password?
Yes. It is recommended to avoid specific special characters (such as £, ∞, §, æ, ÷) to ensure compatibility. Refer to the configuration notes for the full list of excluded characters.
How to track if any admin users on the device have Secure Token enabled?
Hexnode’s Local Accounts tab identifies which users have a Secure Token, which is essential for FileVault-enabled Macs to ensure the new password works at the pre-boot login screen.
