Skip to main content
Solved

Tahoe Not Respecting Lock Screen Setting

  • June 15, 2026
  • 1 reply
  • 50 views

Brian-6472
Forum|alt.badge.img

We have a lab environment where we explicitly want the screen saver / display timeout to be a specific time, but we don’t want the user to have to re-enter the password when the display wakes / screen saver exits.

When we set a Configuration Profile with a Security and Privacy: General payload, we can successfully set Require Passcode to Unlock Screen to enabled and set to a specific time (Immediately, 5 minutes, 8 hours, etc.), and this works as expected.  But when we try setting it to “Never”, the target device updates and reverts to “Immediately”.  I’ve also tried setting it to “Immediately” to see if “Never” and “Immediately” were just swapped in the Jamf UI, but that wasn’t it.

I’ve also tried using a plist file in a Application & Custom Settings payload with a domain of com.apple.screensaver as detailed from Apple’s documentation.

However, this doesn’t seem to work at all, and the settings don’t seem to take effect.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<false/>
<key>moduleName</key>
<string>Tahoe Day</string>
</dict>
</plist>

Any ideas?  If we don’t define the plist file and don’t define the setting within Security and Privacy: General, then the (non-admin) user account is freely able to set the password requirement timeout themselves, so I don’t believe there’s any conflicting policy/profile option that is overriding what I’m trying to do.

Thanks.

Best answer by dletkeman

We don’t do this but I thought I’d ask AI what to do in this case as I find this interesting.  It tells me the following:

  • “Never require password” isn’t truly supported via MDM anymore
  • Setting askForPassword=false causes fallback to “Immediately”
  • Use:
    • askForPassword = true
    • askForPasswordDelay = 2147483647

This achieves:

  • Password technically enabled
  • Delay so large that users will never realistically be prompted

Does that work for you?

1 reply

dletkeman
Forum|alt.badge.img+18
  • Jamf Heroes
  • Answer
  • June 16, 2026

We don’t do this but I thought I’d ask AI what to do in this case as I find this interesting.  It tells me the following:

  • “Never require password” isn’t truly supported via MDM anymore
  • Setting askForPassword=false causes fallback to “Immediately”
  • Use:
    • askForPassword = true
    • askForPasswordDelay = 2147483647

This achieves:

  • Password technically enabled
  • Delay so large that users will never realistically be prompted

Does that work for you?