Help

DON'T Require Password After Screen saver begins or display is turned off

dtmille2
Contributor III

Posted on ‎10-12-2023 06:44 AM

Hi all,

 

I've discovered that this profile we push to lab machine to disable the requirement for a password when the computer display is turned off is no longer working in Sonoma:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<integer>0</integer>
</dict>
</plist>

This profile now causes the setting in System Settings>Lock Screen>Require Password After Screen saver begins or display is turned off to be set to IMMEDIATELY.

Anyone see this or have alternate solution for environments where we don't want the screen to lock when the display turns off (other than setting it manually?)?

0 Kudos
8 REPLIES 8

PaulHildahl
New Contributor

Posted on ‎11-07-2023 12:09 PM

I don't have a solution, but I can confirm we are seeing the same behavior.

0 Kudos

chrisdaggett
Contributor II

‎11-13-2023 09:04 AM - edited ‎11-13-2023 09:21 AM

Same issue. In Security & Privacy config, it doesn't matter if you set Immediately or Never for "Require Passcode to Unlock Screen", on the device it sets to Immediately. 

0 Kudos

Mike4
New Contributor III

Posted on ‎11-29-2023 06:14 PM

I've run into the same issue while preparing my Sonoma configuration for lab rebuilds, but seem to have worked out the solution. See below for the working settings. This sets require password after screen saver or sleep to never.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>askForPassword</key>

<true/>

<key>askForPasswordDelay</key>

<real>2147483647</real>

</dict>

</plist>

 

ctarbox
Contributor II
In response to Mike4

Posted on ‎12-28-2023 10:03 AM

I am seeing exactly this issue with my lab rebuilds also -- sonoma. I tried the solution above and it worked perfectly. Thank you Mike4!!!!

0 Kudos

iamYaje
New Contributor III
In response to Mike4

Posted on ‎01-08-2024 01:17 PM

@Mike4 Thanks for posting a solution!

How did you deploy this .plist? If you delivered it via a custom configuratoin payload, which domain did you use? I did not ind similar settings in the com.applescreensaver.plist when digging around just now.

0 Kudos

micmil
New Contributor III

Posted on ‎01-10-2024 08:27 AM

Thanks to @Mike4 for pointing us in the right direction! This is a very frustrating change on Apple's part, and I'm disappointed that Jamf hasn't patched this yet months after Sonoma's release. 

To answer @iamYaje 's question: the domain we want to apply these changes to is com.apple.screensaver. More info can be found here:

https://developer.apple.com/documentation/devicemanagement/screensaver
https://developer.apple.com/documentation/devicemanagement/screensaveruser

However, I was not able to get this to work using @Mike4's settings. Specifically, I had to change the value type for 'askForPasswordDelay' from 'real' to 'integer', per the documentation linked above. After that, it works perfectly. Maybe Apple changed something in an update and 'real' is no longer valid. I tested on OS 14.2.1.

I also added an extra key to disable the screensaver completely (why in 2024 Apple doesn't just have the screensaver disabled by default is mindboggling). These settings will accomplish that:

<key>idleTime</key>
<integer>0</integer>

Note: this setting is listed on the docs as applying only to the user's individual screensaver settings, but adding the key to the computer-wide 'com.apple.screensaver' plist works just fine.

0 Kudos

iamYaje
New Contributor III
In response to micmil

Posted on ‎01-11-2024 08:39 AM

@micmil thanks for posting this reply.

We use autologin to a standard user-account in our secure lab environment. That autologin feature now only works after a computer restart (following upgrade to Sonoma) after the password has been entered once for the account in a given time-period. If the screen saver goes active, we then need to enter the password again if the computer is restarted.

I'm attempting to configure the .plist for com.apple.screensaver and it hasn't been working so far. It looked like it was overlapping with our Security and Privacy payload setting (same key), so I unconfigured that. When exporting the profiles to XML to review, I'm not seeing the <integer>xxx...</integer> key show up in the configuration for some reason and the password is still being required when the screensaver comes up. Any ideas as to what we might be missing?:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<true/>
<key>askForPasswordDelay</key>
<integer>2147483647</integer>
</dict>
</plist>

Is it possible we might need to disable the screensaver entirely using the screensaveruser domain as you did?

0 Kudos

davidbpk
New Contributor

Posted on ‎03-27-2024 07:24 PM

I am trying to actually require the password after screen saver begins or display is turned off.  Right now my users can change this setting to NEVER.  I need it to be locked to immediately or 5 seconds or even 1 minute.   I've tried PLIST and the setting in JAMF and nothing seems to work in Sonoma 14.4.   Anyone know how to enforce this?

0 Kudos