Error while deploying script to delete password in keychainSolved

Participant
Discussion
2 years ago

Good morning!

I have deployed almost 125 macs to my students. Now these students are graduating, so the devices are handed over to the new students. The ownership changes were smooth with the help of hexnode. But some students have stored their login passwords to various accounts on their keychain app. I would like to erase all passwords stored by the previous students so that the new students be able to set up fresh accounts for their use. I was able to come up with a script to perform this task but when I deployed it through hexnode, it showed an error. Given below is the script I used.

security delete-keychain ~/Library/Keychains/login.keychain

This was the error popping up when I ran the script “security: SecKeychainDelete: The specified keychain could not be found”. Can anyone give me directions on how to rectify the script.

Replies (3)

Marked SolutionPending Review
Hexnode Expert
2 years ago
Marked SolutionPending Review

Hey @connor-shaw,
Thanks for reaching out on Hexnode Connect!

Executing the script through Hexnode UEM executes the script with root permission. So, the tilde (~) character tries to fetch the keychain file in the path /private/var/root/Library/Keychains/. You can rectify the script by mentioning the correct path of the keychain file.

Use the script given below to delete the login keychain file. Provide the user account as an argument while deploying the script to target devices.

The script provided above is adapted from third-party Open-Source sites. Therefore, it is advised to manually validate the script execution on a system before executing in bulk.

I hope that helps. Please feel free to contact us for more queries.
Cheers!
Johan Blake
Hexnode UEM

Marked SolutionPending Review
Participant
2 years ago
Marked SolutionPending Review

What if we require only selected login items to be deleted from the file?

Marked SolutionPending Review
Hexnode Expert
2 years ago
Marked SolutionPending Review

Hey @Patricia-Rodriguez,
Thank you for choosing Hexnode Connect!

We can delete specific internet password items from the required keychain file by using the same security command. For example, run the below command to delete a keychain item with the account name “GitLab login”.

Provide the user account as the argument while deploying the script through Hexnode UEM. You can delete internet password items using various filters. For example, replace –a with the following codes to filter out the internet password item. Several of the available filters are listed below:

Code Meaning Description
-a Account Match account string
-c Creator Match creator (four-character code)
-C Type Match type (four-character code)
-D Kind Match kind string
-G Value Match value string (generic attribute)
-j Comment Match comment string
-l Label Match label string
-s Service Match service string
Save