We have a lab environment where we explicitly want the screen saver / display timeout to be a specific time, but we don’t want the user to have to re-enter the password when the display wakes / screen saver exits.
When we set a Configuration Profile with a Security and Privacy: General payload, we can successfully set Require Passcode to Unlock Screen to enabled and set to a specific time (Immediately, 5 minutes, 8 hours, etc.), and this works as expected. But when we try setting it to “Never”, the target device updates and reverts to “Immediately”. I’ve also tried setting it to “Immediately” to see if “Never” and “Immediately” were just swapped in the Jamf UI, but that wasn’t it.
I’ve also tried using a plist file in a Application & Custom Settings payload with a domain of com.apple.screensaver as detailed from Apple’s documentation.
However, this doesn’t seem to work at all, and the settings don’t seem to take effect.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<false/>
<key>moduleName</key>
<string>Tahoe Day</string>
</dict>
</plist>Any ideas? If we don’t define the plist file and don’t define the setting within Security and Privacy: General, then the (non-admin) user account is freely able to set the password requirement timeout themselves, so I don’t believe there’s any conflicting policy/profile option that is overriding what I’m trying to do.
Thanks.