Help

Log out after 30 minutes of inactivity enabled only on some devices

plouis
New Contributor

Posted on ‎08-11-2016 04:24 PM

Hey all -

So I have several devices that are forcing logouts after 30 minutes. The checkbox in question is in System Preferences > Security & Privacy > Advanced ... > Log out after XX minutes of inactivity.

The strange part is that this only affects some devices. My personal device, an early 2015 13" MacBook Pro running 10.11.6, is not affected, while several of my development team running mid 2015 15" MacBook Pros on the same OS version are affected. Profiles to each of these machines are identical.

I created a configuration profile to address this specifically via LogIn Window > Options > uncheck Log users out after XX minutes of inactivity. I pushed this to the all devices (affected and not) and verified installation, and this checkbox STILL re-enables itself on the problem machines.

I'm pulling my hair out at this point, any ideas are greatly appreciated.8b286bfde58140acae6220b2836c2f76
980b9b7b5919491aa18112c01c93336e

0 Kudos
Reply
11 REPLIES 11

dan-snelson
Valued Contributor II

Posted on ‎08-11-2016 07:17 PM

@chovrud Are you running 9.93?

Known Issues Configuration profiles created in v9.93 with a Security & Privacy payload and a FileVault 2 Redirect payload contain an inactive automatic logout setting.

See: http://docs.jamfsoftware.com/9.93/casper-suite/release-notes/Known_Issues.html

0 Kudos
Reply

craig_hopkins
New Contributor II

Posted on ‎08-12-2016 06:09 AM

Do you have any other profiles with Login Window/Login Items/Restrictions/Finder payloads?

I've found some very odd issues with these in 9.93 where unexpected settings are being set. Very similar to the issues outlined here - https://macmule.com/2016/05/09/icloud-spotlight-login-window-issues-with-jss-9-9-the-security-privacy-profile-payload/#more-2591

My workaround is to place all payloads in the same configuration profile.

0 Kudos
Reply

strider_knh
Contributor II

Posted on ‎08-12-2016 06:13 AM

You have to check the payload of the configuration profile itself, not what the JSS says is part of the profile.

Download the profile and open it in an xml editor and see if it says anything for "askForPasswordDelay"

These issues have been with the JSS since 9.90 so that has been about eight months or so without them being fixed.

0 Kudos
Reply

plouis
New Contributor

Posted on ‎08-15-2016 09:17 AM

Hey all -

Thank you for the responses. The strange thing is that this has been occurring since before I rolled out JSS profiles to these machines, in my futile attempt to manage devices via OSX server. Regardless, I'll check the config profile and report back with what I find.

Thanks.

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎08-20-2016 03:04 PM

@chovrud This post, might help your spelunking.

0 Kudos
Reply

Andy_McCaskill
Contributor

Posted on ‎08-29-2016 07:31 AM

Just adding my two cents to this. First off, I am running 9.92.1466020067. I've checked all the profiles and do not see any other profiles asking for "askForPasswordDelay". I created a whole new profile to explicitly push that setting and does not overwrite that setting.

Anyone have a script to overwrite this?

0 Kudos
Reply

plouis
New Contributor

Posted on ‎08-30-2016 03:29 PM

Solution - it appears that some old profiles were carrying payloads that were not supposed to be associated with what was happening. In this instance I removed a couple old Power Saver payloads and it cleared out the random settings in Privacy & Security.

This is an Apple issue, not a JAMF one.

0 Kudos
Reply

Andy_McCaskill
Contributor

Posted on ‎08-30-2016 04:21 PM

@chovrud Makes sense. I will try this out later and see if that resolves my issues and report back here.

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎08-31-2016 03:38 AM

FWIW [this](lhttps://macmule.com/2016/05/09/icloud-spotlight-login-window-issues-with-jss-9-9-the-security-privacy-profile-payload/) may help.

0 Kudos
Reply

scentsy
Contributor

Posted on ‎08-31-2016 09:28 AM

I had a similar issue, in my case I had a separate configuration profile to configure "Finder" once I deleted that separate configuration profile from our JSS it fixed the issue that kept putting the check mark on forcing users to log out after xx minutes.

also it fixed another issue I was having with screen saver not turning on "immediately" or after xx seconds.

if you have a configuration profile with the "Configure Finder" remove it to see if it fixes the issue.

0 Kudos
Reply

danwestbrook
New Contributor II

Posted on ‎09-08-2016 02:43 AM

Just seen the updated 9.96 should fix the “logout after x minutes of inactivity” bug.

[PI-002673] Fixed an issue where configuration profiles created in v9.93 with a Security & Privacy payload and a FileVault 2 Redirect payload contain an inactive automatic logout setting.

Source: http://docs.jamfsoftware.com/9.96/casper-suite/release-notes/Bug_Fixes_and_Enhancements.html

0 Kudos
Reply