Login Window Config Profile Alternatives?

Bongardino
New Contributor III

Hello-

We've had a lot of trouble with the Login window config prof on 9.82, and I'm wondering how I can accomplish my goals without it.

I'm trying to enforce "Allow Guest User" and create a login window banner.

The login banner I think I can do as a managed preference, but I don't know where to enforce a guest user. Any help would be appreciated

7 REPLIES 7

bpavlov
Honored Contributor

No guarantee this still works, but a quick search online gave me this:
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool true

As for the login window banner:
http://support.apple.com/kb/HT4788
http://support.apple.com/kb/PH4558

DBrowning
Valued Contributor II

you can try a custom ConfigProfile writing to com.apple.MCX key EnableGuestAccount True

DBrowning
Valued Contributor II

We were having issues with the Login Window profile as well. I ended up dissecting the 2 profiles that had conflicting parts (Login Window and Security & Privacy) and created a single profile that merged the 2 with out having the 2 over write on the ScreenSaver section.

Bongardino
New Contributor III

ddcdennisb - When you say you merged the two, did you do this manually or did you just configure both Login Window and Security & Privacy into the same config profile?

Also, where did you set the screen saver timings?

DBrowning
Valued Contributor II

I manually put the 2 together. Below you will find the config

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadUUID</key>
        <string>uuid</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadOrganization</key>
        <string>Company, Inc</string>
        <key>PayloadIdentifier</key>
        <string>ID</string>
        <key>PayloadDisplayName</key>
        <string>LoginSecurity</string>
        <key>PayloadDescription</key>
        <string>Setting preferences under Security&amp;Privacy</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.MCX</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>MCX</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>DestroyFVKeyOnStandby</key>
                <false/>
                <key>dontAllowFDEDisable</key>
                <false/>
                <key>DisableGuestAccount</key>
                <true/>
                <key>EnableGuestAccount</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.SubmitDiagInfo</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Security And Privacy</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>AutoSubmit</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.mcxloginscripts</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Login Window:  Scripts</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>skipLoginHook</key>
                <false/>
                <key>skipLogoutHook</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.managed</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>SystemPolicyManaged</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.preference.security</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>PreferenceSecurity</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.screensaver</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Login Window:  Screen Saver Preferences</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>askForPasswordDelay</key>
                <true/>
                <key>askForPasswordDelay</key>
                <integer>0</integer>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.loginwindow</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Login Window</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>AdminHostInfo</key>
                <string>HostName</string>
                <key>LoginwindowText</key>
                <string>Property of Company Inc.</string>
                <key>SHOWFULLNAME</key>
                <true/>
                <key>HideLocalUsers</key>
                <false/>
                <key>HideMobileAccounts</key>
                <false/>
                <key>IncludeNetworkUser</key>
                <false/>
                <key>HideAdminUsers</key>
                <false/>
                <key>SHOWOTHERUSERS_MANAGED</key>
                <true/>
                <key>ShutDownDisabled</key>
                <false/>
                <key>UseComputerNameForComputerRecordName</key>
                <false/>
                <key>EnableExternalAccounts</key>
                <true/>
                <key>DisableConsoleAccess</key>
                <false/>
                <key>com.apple.login.mcx.DisableAutoLoginClient</key>
                <true/>
                <key>AdminMayDisableMCX</key>
                <false/>
                <key>LocalUserLoginEnabled</key>
                <true/>
                <key>LocalUsersHaveWorkgroups</key>
                <false/>
                <key>FlattenUserWorkgroups</key>
                <false/>
                <key>CombineUserWorkgroups</key>
                <true/>
                <key>AlwaysShowWorkgroupDialog</key>
                <false/>
                <key>RetriesUntilHint</key>
                <integer>3</integer>
                <key>AllowList</key>
                <array/>
                <key>DenyList</key>
                <array/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.applicationaccess</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Restrictions</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>allowDiagnosticSubmission</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>.GlobalPreferences</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>Login Window:  Global Preferences</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>MultipleSessionEnabled</key>
                <true/>
                <key>com.apple.autologout.AutoLogOutDelay</key>
                <integer>0</integer>
                <key>com.apple.logout.AutoLogOutDelay</key>
                <integer>0</integer>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>UUID</string>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.control</string>
                <key>PayloadOrganization</key>
                <string>Company, Inc</string>
                <key>PayloadIdentifier</key>
                <string>ID</string>
                <key>PayloadDisplayName</key>
                <string>SystemPolicyControl</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>AllowIdentifiedDevelopers</key>
                <true/>
                <key>EnableAssessment</key>
                <false/>
            </dict>
        </array>
    </dict>
</plist>

Bongardino
New Contributor III

@ddcdennisb thanks for this!

One more question if you'll indulge me - where do I actually put this? I assume I roll it out as a custom profile?

New to casper and working my way through the admin guide

DBrowning
Valued Contributor II

@Bongardino

with the format i used i saved it as a .mobileconfig and uploaded it. the JSS will add in the needed UUIDs and other info for you. it will look like you used the "login window" and "Security & Privacy" options but will not over write the settings you put in.

If you wanted to do it as a custom Config you'd have to create a plist file for each plist sections within the config file.

i.e.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>askForPasswordDelay</key>
    <true/>
    <key>askForPasswordDelay</key>
    <integer>0</integer>
</dict>
</plist>

and then use the Preference domain of "com.apple.screensaver"

Make sense?