Posted on 03-23-2016 05:17 AM
I had a request to change the setting for requiring a password after sleep or screensaver from the default 5 minutes to immediately. I checked my enrolled MacBook, and that setting was greyed out and I couldn't change it even as an admin. I figured it must've been pushed down by Casper, so I checked in the JSS and that was not one of the settings I'd already defined.
I went ahead and added it to an existing config profile that had already been applied with a few other basic settings. I selected the option to deploy it to all existing computers, and when I check the status, they show that they have completed successfully. However, when I check the computers themselves, the setting is still set to Require password 5 minutes after sleep or screen saver begins. I rebooted the machines after apply the profile, as well.
I saw the thread about config profiles not working on 10.11.4, and one of my test machines was upgraded yesterday. So, I checked a 10.11.3 machine and that one shows the same thing.
Solved! Go to Solution.
Posted on 03-23-2016 05:55 AM
Do you have "Login Window" config profile settings applied in you environment?
We noticed that "Login Window" settings break screensaver and security & privacy settings.
The is a thread https://jamfnation.jamfsoftware.com/discussion.html?id=19023 describing this issue.
We completely disabled our login window profile recently because of inconsistent screensaver / require password behavior.
Posted on 03-23-2016 05:24 AM
i'm facing the same issue. no setting applies properly on existing system.
Posted on 03-23-2016 05:55 AM
Do you have "Login Window" config profile settings applied in you environment?
We noticed that "Login Window" settings break screensaver and security & privacy settings.
The is a thread https://jamfnation.jamfsoftware.com/discussion.html?id=19023 describing this issue.
We completely disabled our login window profile recently because of inconsistent screensaver / require password behavior.
Posted on 03-23-2016 05:59 AM
@mroiger Yep, I did set logon window settings... I wanted it to be username and password prompt instead of a list of users. Maybe this is why my require password settings were greyed out!
Posted on 03-23-2016 06:56 AM
I removed my login window settings, set the lock delay to 5 seconds instead of immediate, and the lock settings were applied successfully after a restart. I'll be letting JAMF support know (although I'm sure they already have an issue logged).
Posted on 03-23-2016 08:20 AM
This is a known issue and they will just point you to the following site for a temporary fix. Still, complain away.
http://www.johnkitzmiller.com/blog/security-privacy-configuration-profile-bug-in-casper-9-82/