Posted on 10-12-2023 06:44 AM
Hi all,
I've discovered that this profile we push to lab machine to disable the requirement for a password when the computer display is turned off is no longer working in Sonoma:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<integer>0</integer>
</dict>
</plist>
This profile now causes the setting in System Settings>Lock Screen>Require Password After Screen saver begins or display is turned off to be set to IMMEDIATELY.
Anyone see this or have alternate solution for environments where we don't want the screen to lock when the display turns off (other than setting it manually?)?
Posted on 11-07-2023 12:09 PM
I don't have a solution, but I can confirm we are seeing the same behavior.
11-13-2023 09:04 AM - edited 11-13-2023 09:21 AM
Same issue. In Security & Privacy config, it doesn't matter if you set Immediately or Never for "Require Passcode to Unlock Screen", on the device it sets to Immediately.
Posted on 11-29-2023 06:14 PM
I've run into the same issue while preparing my Sonoma configuration for lab rebuilds, but seem to have worked out the solution. See below for the working settings. This sets require password after screen saver or sleep to never.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<true/>
<key>askForPasswordDelay</key>
<real>2147483647</real>
</dict>
</plist>
Posted on 12-28-2023 10:03 AM
I am seeing exactly this issue with my lab rebuilds also -- sonoma. I tried the solution above and it worked perfectly. Thank you Mike4!!!!
Posted on 01-08-2024 01:17 PM
@Mike4 Thanks for posting a solution!
How did you deploy this .plist? If you delivered it via a custom configuratoin payload, which domain did you use? I did not ind similar settings in the com.applescreensaver.plist when digging around just now.
Posted on 01-10-2024 08:27 AM
Thanks to @Mike4 for pointing us in the right direction! This is a very frustrating change on Apple's part, and I'm disappointed that Jamf hasn't patched this yet months after Sonoma's release.
To answer @iamYaje 's question: the domain we want to apply these changes to is com.apple.screensaver. More info can be found here:
https://developer.apple.com/documentation/devicemanagement/screensaver
https://developer.apple.com/documentation/devicemanagement/screensaveruser
However, I was not able to get this to work using @Mike4's settings. Specifically, I had to change the value type for 'askForPasswordDelay' from 'real' to 'integer', per the documentation linked above. After that, it works perfectly. Maybe Apple changed something in an update and 'real' is no longer valid. I tested on OS 14.2.1.
I also added an extra key to disable the screensaver completely (why in 2024 Apple doesn't just have the screensaver disabled by default is mindboggling). These settings will accomplish that:
<key>idleTime</key>
<integer>0</integer>
Note: this setting is listed on the docs as applying only to the user's individual screensaver settings, but adding the key to the computer-wide 'com.apple.screensaver' plist works just fine.
Posted on 01-11-2024 08:39 AM
@micmil thanks for posting this reply.
We use autologin to a standard user-account in our secure lab environment. That autologin feature now only works after a computer restart (following upgrade to Sonoma) after the password has been entered once for the account in a given time-period. If the screen saver goes active, we then need to enter the password again if the computer is restarted.
I'm attempting to configure the .plist for com.apple.screensaver and it hasn't been working so far. It looked like it was overlapping with our Security and Privacy payload setting (same key), so I unconfigured that. When exporting the profiles to XML to review, I'm not seeing the <integer>xxx...</integer> key show up in the configuration for some reason and the password is still being required when the screensaver comes up. Any ideas as to what we might be missing?:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<true/>
<key>askForPasswordDelay</key>
<integer>2147483647</integer>
</dict>
</plist>
Is it possible we might need to disable the screensaver entirely using the screensaveruser domain as you did?
Posted on 10-28-2024 04:51 AM
Hi,
I've been a little confused about this because com.apple.screensaver doesn't seem to be a domain that exists anymore? I'm on 14.5 and can't write any changes to that domain because it's not present.
Posted on 10-28-2024 05:52 AM
My Mac labs are now on 15. I had to do it manually on each machine as I couldn't figure it out and was on a time crunch. If you figure it out, let us know!
Posted on 10-28-2024 05:58 AM
I don't have any insight regarding doing this manually using Defaults or something else. We use Jamf Pro to deploy this as a configuration profile at the Computer level. It seems to work without issue on OS 14 machines, and the very few OS 15 machines we have deployed.
Posted on 10-28-2024 07:11 AM
I guess I don't know how to take that and turn it into something Jamf can deploy. Inputting it as a custom schema just gets rejected.
Posted on 10-28-2024 07:27 AM
Ah I see. While you can use JSON schema to configure settings, the format is different. As I am a noob when it comes to JSON, I can't help you with that. But here is the profile I was referencing; I hope this helps. Just make sure the profile is set to "Computer Level."
If all you're trying to do is disable the screen lock timeout, the Security and Privacy settings are optional. We just decided to lump them all together since all our "shared" machines should get these settings anyway.
Posted on 10-29-2024 07:08 AM
Ah, it never even occurred to me that you'd have to go to the "Upload" section to input XML code. I didn't see anywhere other than the JSON section and thought it must be that.
A configuration profile as set up in the screenshot above is indeed working perfectly as intended on 14.5.
Posted on 03-27-2024 07:24 PM
I am trying to actually require the password after screen saver begins or display is turned off. Right now my users can change this setting to NEVER. I need it to be locked to immediately or 5 seconds or even 1 minute. I've tried PLIST and the setting in JAMF and nothing seems to work in Sonoma 14.4. Anyone know how to enforce this?