Posted on 05-05-2015 02:26 PM
In the Windows world I can fairly easily configure a group policy that will allow me to lock a Windows machine after 30 min of inactivity two different ways...
1. Setting a screensaver time out of 30 min
2. Setting a scheduled task to kick off a screensaver or go to sleep after 30 minutes of inactivity
Both would prompt for a password when activity is detected.
It would seem I can do #1 with Managed Preferences and probably via Configuration Profiles. I would prefer to do #2 though. The reason is that it's been decreed here to enforce a certain amount of security as many don't have passwords set for locking their desktop after a certain amount of time. By going with solution #2, the goal is to have that set across the board but still let those who want a tighter timeframe be able to set their screensaver or turning the display off to a lower time. No matter what, though, the user can't be allowed to disable whatever screen locking mechanism is used.
Right now I have the path that can kick off the screensaver but where I'm having difficulty is figuring out a way to monitor the inactivity over a 30 min period. Does anyone here already do this or know of a way to do this that could point me in the right direction?
The path I can use to kick off the screensaver is "open /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app"
Any ideas or help in how I could implement such a solution which obviously would get deployed with Casper?
Posted on 05-05-2015 03:12 PM
@jhuls I'd deploy a screen saver config profile that enforces a screen saver after 30 minutes.
The OS is pretty good at detecting "inactivity" & so why duplicate/make work?
Posted on 05-05-2015 05:57 PM
The question is how to allow the user to select a time less than the minimum, if they prefer. Config profile will lock the panel.
Thinking out loud here, if you made a small script with a CocoaDialog GUI that asked the user what they wanted to change it to, then did that via
#!/bin/sh
# $3 is the logged-in user's name, which Casper passes to policy scripts
su "$3" -c 'defaults -currentHost write com.apple.screensaver idleTime -int "600"'
su "$3" -c 'defaults -currentHost write com.apple.screensaver askForPassword -int "1"'
su "$3" -c 'defaults -currentHost write com.apple.screensaver askForPasswordDelay -int "0"'
600 being the value for 10 minutes.
Posted on 05-05-2015 06:20 PM
Don't bother asking the user, just read the current value and ensure it is less than minimum required minutes before proceeding.
Use a LaunchAgent and have it run every 3 hours or something to allow users to temporarily extend up to 3 hours in the event of a presentation or some such.
Posted on 05-05-2015 06:30 PM
@Look ...without using a config profile, which would lock the screen saver time setting.
Posted on 05-05-2015 06:41 PM
@adamcodega
Yes, don't use a config profile.
Edit the settings with a script called from a LaunchAgent or LaunchDaemon with a setting for StartInterval of 10800 seconds (3 hours unless my maths sucks, which it might...).
<key>StartInterval</key>
<integer>10800</integer>
Although a script out of Casper would also do it without too many issues, depending on how strict you want to be you could just run it once daily.
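The approach suggested in the replies above (read the current value, leave shorter timeouts alone, reset anything longer) could look like the sketch below. It is an added example, not code posted by anyone in the thread. It assumes it runs as the logged-in user from a LaunchAgent, so no `su` is needed; the function names and the 1800-second ceiling variable are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: clamp the screen saver idle time.
MAX_IDLE=1800   # 30 minutes, the ceiling asked for in the original post

# Print the idleTime that should be in effect for a given current value.
# Unset, non-numeric, 0 (screen saver never starts) and anything above
# MAX_IDLE become MAX_IDLE; a shorter user-chosen timeout is kept as-is.
enforced_idle() {
    current=$1
    case $current in
        ''|*[!0-9]*) echo "$MAX_IDLE"; return ;;
    esac
    if [ "$current" -eq 0 ] || [ "$current" -gt "$MAX_IDLE" ]; then
        echo "$MAX_IDLE"
    else
        echo "$current"
    fi
}

# Read the user's setting, rewrite it only if it is out of policy,
# and always require a password as soon as the screen saver starts.
apply_policy() {
    domain=com.apple.screensaver
    current=$(defaults -currentHost read "$domain" idleTime 2>/dev/null)
    wanted=$(enforced_idle "$current")
    [ "$wanted" = "$current" ] ||
        defaults -currentHost write "$domain" idleTime -int "$wanted"
    defaults -currentHost write "$domain" askForPassword -int 1
    defaults -currentHost write "$domain" askForPasswordDelay -int 0
}

# Only touch preferences where the macOS defaults tool exists.
if command -v defaults >/dev/null 2>&1; then
    apply_policy
fi
```

Between runs the user can still raise the timeout, which is the temporary extension window described above; the `StartInterval` value sets how long that window lasts.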