Posted on 01-25-2016 10:30 AM
Hello-
We've had a lot of trouble with the Login window config prof on 9.82, and I'm wondering how I can accomplish my goals without it.
I'm trying to enforce "Allow Guest User" and create a login window banner.
The login banner I think I can do as a managed preference, but I don't know where to enforce a guest user. Any help would be appreciated
Posted on 01-25-2016 11:08 AM
No guarantee this still works, but a quick search online gave me this:
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool true
As for the login window banner:
http://support.apple.com/kb/HT4788
http://support.apple.com/kb/PH4558
Posted on 01-25-2016 11:13 AM
you can try a custom ConfigProfile writing to com.apple.MCX key EnableGuestAccount True
Posted on 01-25-2016 11:20 AM
We were having issues with the Login Window profile as well. I ended up dissecting the 2 profiles that had conflicting parts (Login Window and Security & Privacy) and created a single profile that merged the 2 with out having the 2 over write on the ScreenSaver section.
Posted on 01-26-2016 09:31 AM
ddcdennisb - When you say you merged the two, did you do this manually or did you just configure both Login Window and Security & Privacy into the same config profile?
Also, where did you set the screen saver timings?
Posted on 01-26-2016 10:00 AM
I manually put the 2 together. Below you will find the config
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadUUID</key>
<string>uuid</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>LoginSecurity</string>
<key>PayloadDescription</key>
<string>Setting preferences under Security&Privacy</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.MCX</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>MCX</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>DestroyFVKeyOnStandby</key>
<false/>
<key>dontAllowFDEDisable</key>
<false/>
<key>DisableGuestAccount</key>
<true/>
<key>EnableGuestAccount</key>
<false/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.SubmitDiagInfo</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Security And Privacy</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>AutoSubmit</key>
<true/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.mcxloginscripts</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Login Window: Scripts</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>skipLoginHook</key>
<false/>
<key>skipLogoutHook</key>
<false/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.systempolicy.managed</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>SystemPolicyManaged</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.preference.security</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>PreferenceSecurity</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.screensaver</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Login Window: Screen Saver Preferences</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>askForPasswordDelay</key>
<true/>
<key>askForPasswordDelay</key>
<integer>0</integer>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.loginwindow</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Login Window</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>AdminHostInfo</key>
<string>HostName</string>
<key>LoginwindowText</key>
<string>Property of Company Inc.</string>
<key>SHOWFULLNAME</key>
<true/>
<key>HideLocalUsers</key>
<false/>
<key>HideMobileAccounts</key>
<false/>
<key>IncludeNetworkUser</key>
<false/>
<key>HideAdminUsers</key>
<false/>
<key>SHOWOTHERUSERS_MANAGED</key>
<true/>
<key>ShutDownDisabled</key>
<false/>
<key>UseComputerNameForComputerRecordName</key>
<false/>
<key>EnableExternalAccounts</key>
<true/>
<key>DisableConsoleAccess</key>
<false/>
<key>com.apple.login.mcx.DisableAutoLoginClient</key>
<true/>
<key>AdminMayDisableMCX</key>
<false/>
<key>LocalUserLoginEnabled</key>
<true/>
<key>LocalUsersHaveWorkgroups</key>
<false/>
<key>FlattenUserWorkgroups</key>
<false/>
<key>CombineUserWorkgroups</key>
<true/>
<key>AlwaysShowWorkgroupDialog</key>
<false/>
<key>RetriesUntilHint</key>
<integer>3</integer>
<key>AllowList</key>
<array/>
<key>DenyList</key>
<array/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>allowDiagnosticSubmission</key>
<true/>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>.GlobalPreferences</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>Login Window: Global Preferences</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>MultipleSessionEnabled</key>
<true/>
<key>com.apple.autologout.AutoLogOutDelay</key>
<integer>0</integer>
<key>com.apple.logout.AutoLogOutDelay</key>
<integer>0</integer>
</dict>
<dict>
<key>PayloadUUID</key>
<string>UUID</string>
<key>PayloadType</key>
<string>com.apple.systempolicy.control</string>
<key>PayloadOrganization</key>
<string>Company, Inc</string>
<key>PayloadIdentifier</key>
<string>ID</string>
<key>PayloadDisplayName</key>
<string>SystemPolicyControl</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>AllowIdentifiedDevelopers</key>
<true/>
<key>EnableAssessment</key>
<false/>
</dict>
</array>
</dict>
</plist>
Posted on 01-27-2016 12:36 PM
@ddcdennisb thanks for this!
One more question if you'll indulge me - where do I actually put this? I assume I roll it out as a custom profile?
New to casper and working my way through the admin guide
Posted on 01-27-2016 12:44 PM
with the format i used i saved it as a .mobileconfig and uploaded it. the JSS will add in the needed UUIDs and other info for you. it will look like you used the "login window" and "Security & Privacy" options but will not over write the settings you put in.
If you wanted to do it as a custom Config you'd have to create a plist file for each plist sections within the config file.
i.e.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>askForPasswordDelay</key>
<true/>
<key>askForPasswordDelay</key>
<integer>0</integer>
</dict>
</plist>
and then use the Preference domain of "com.apple.screensaver"
Make sense?