Posted on 08-18-2011 10:30 AM
Hello Casper Listers! First forgive my Noobieness OK! I am hoping to get
this problem in front of some Smarter eyes. A security requirement on our
Macs is to have System Preferences-->Security pane--> General tab, 'Require
a password to unlock preference panes' checked 'On' and Managed via JSS. I
have explored several ideas of which I have not found a satisfactory result.
I am not using OD just AD, No JAMF or AFP548 templates, nothing in the
knowledge base or resource kit. My most favorable possibility at this time
is to use the command line 'defaults' utility to accomplish this and create
a policy around it.
The file in question is /etc/Authorization. The specific child key,
located approx 700 lines down the plist, is:
<key>system.preferences</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked by the Admin framework when making changes to
certain System Preferences.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
The 'false' value is 'checked on' and 'true' is checked 'Off' in the
preference pane.
Defaults man page below:
'defaults' [-currentHost | -host <hostname>] followed by one of the
following:

  read                                 shows all defaults
  read <domain>                        shows defaults for given domain
  read <domain> <key>                  shows defaults for given domain, key

  read-type <domain> <key>             shows the type for the given domain, key

  write <domain> <domain_rep>          writes domain (overwrites existing)
  write <domain> <key> <value>         writes key for domain

  rename <domain> <old_key> <new_key>  renames old_key to new_key

  delete <domain>                      deletes domain
  delete <domain> <key>                deletes key in domain

  domains                              lists all domains
  find <word>                          lists all entries containing word
  help                                 print this help

<domain> is ( <domain_name> | -app <application_name> | -globalDomain )
         or a path to a file omitting the '.plist' extension

<value> is one of:
  <value_rep>
  -string <string_value>
  -data <hex_digits>
  -int[eger] <integer_value>
  -float <floating-point_value>
  -bool[ean] (true | false | yes | no)
  -date <date_rep>
  -array <value1> <value2> ...
  -array-add <value1> <value2> ...
  -dict <key1> <value1> <key2> <value2> ...
  -dict-add <key1> <value1> ...

For my requirement I interpret the syntax to be:
'defaults' write <domain> <key> <value>
insert dict for value above -dict <key1> <value1>
<key2> <value2> ...
My command looks like this if I use the parent 'rights' key at the
beginning of the plist and it looks like this:
defaults write /etc/authorization rights -dict system.preferences shared false
Seems I do not know what value 1 for key1 would be?
My command looks like this if I use the child 'system.preferences' key from
the middle of the plist and it looks like this:
defaults write /etc/authorization system.preferences -dict shared false
Of course neither works. Am I on the right track? Can this be done like
this? Can you see the error in my way and correct it?
Any other comments or suggestions? I am open to anything as long as it is
managed!
Thanks Bunches
--
Michael J. Homar
• Apple Certified Associate
DSL, Desktop Support Team, GDC4S
8201 E. McDowell Rd., H707, Scottsdale, AZ 85257
Americas Infrastructure Services | p: 480-441-1106 | m: 480-209-8788 |
Michael.Homar at gdc4s.com | www.csc.com
Posted on 08-18-2011 10:53 AM
I just disable the security tab from all users, I don't want them
changing computer names
Posted on 08-18-2011 11:06 AM
I have to admit this is a very interesting idea that would cover a lot of my
requirements from being changed (even if temporarily). However, I believe I
still need command line capability to ensure it is off prior to locking down
the Security pane. Correct?
Thanks
--
Michael J. Homar
Posted on 08-18-2011 11:46 AM
To keep the computer name from changing I would use the Set Computer Name MCX setting found in the templates that Casper provides.
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
Posted on 08-18-2011 11:10 PM
My post here: http://macmule.com/2010/11/18/unlock-each-secure-system-preference-allow-all-users-to-unlock/
Details how to unlock for everyone, so possibly... If you change the line:
/usr/libexec/PlistBuddy -c "Set :rights:system.preferences:group everyone" /etc/authorization
To
/usr/libexec/PlistBuddy -c "Set :rights:system.preferences:group administrators" /etc/authorization
But triple check the full script 1st.
Regards,
Ben.
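
An added example, not part of the thread or any poster's script: `defaults write <file> rights -dict ...` replaces the entire top-level `rights` value and cannot address a nested key, so the sketch below edits `rights` → `system.preferences` → `shared` in place using Python 3's `plistlib` and leaves every sibling right untouched. The sample plist, the `example.sibling.right` entry and the function name `enforce_shared_false` are constructed for illustration; run it against a copy of the file first.

```python
import os
import plistlib
import tempfile

# Constructed sample: a cut-down authorization plist holding the right quoted
# in the thread plus one made-up sibling right that must survive the edit.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>rights</key>
  <dict>
    <key>system.preferences</key>
    <dict>
      <key>allow-root</key><true/>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>shared</key><true/>
    </dict>
    <key>example.sibling.right</key>
    <dict><key>class</key><string>user</string></dict>
  </dict>
</dict>
</plist>
"""

def enforce_shared_false(path):
    """Set rights -> system.preferences -> shared to False.

    Returns True if the file was changed, False if it was already compliant.
    Raises KeyError if the right is missing instead of silently creating it.
    """
    with open(path, "rb") as fh:
        doc = plistlib.load(fh)
    right = doc["rights"]["system.preferences"]
    if right.get("shared") is False:
        return False
    right["shared"] = False
    # Write a temp file in the same directory, then rename over the original,
    # so a failed write never leaves a truncated authorization file behind.
    mode = os.stat(path).st_mode & 0o7777
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as fh:
            plistlib.dump(doc, fh)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

Because the function reports whether it changed anything, the same call works as both the compliance check and the remediation step in a recurring policy.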