Login Window profile locks computer name

jcarr
Contributor III

When creating a configuration profile to set login window preferences, I discovered that the client is prevented from changing the Computer Name, even if "Set computer name to computer record name" is not selected. Is this a bug? or am I missing something?

external image link

external image link

7 REPLIES 7

Kevin
Contributor II

Sorry to drag out a 15 month old thread, but I am experiencing this as well. I created a configuration to start the screen saver after 15 minutes of activity and now our computer names can't be changed. I see nothing in the options about locking this setting.

Ideas?

nessts
Valued Contributor II

are you running 9.3? if you do not have the Set computer name to computer record name box set on 9.3 or higher it works properly. The red circled option is the one that controls this though.

Kevin
Contributor II

@nessts

I am running 9.51 (Same behavior with 9.4 though). I do NOT have that box checked. My Desktop guys get annoyed that they can't change the computer names easily. Is there any way to use this option (to start a screen saver) and NOT lock the computer name?

We have to lock screens after 15 minutes to maintain PCI compliance.

nessts
Valued Contributor II

if it were me, i would probably delete the existing profile and create a new one. do this on a test box first of course. exclude the test box from the current scope. then create a new profile and scope only to the test box. Another "feature" or bug of this setting is that it changes the computername variable to localhost regardless of what the rest of the computers are set to, and then the network browser sees every machine named localhost (1) etc. so I just unchecked that box on my profile the other day and it cleared that problem. I dont want my users changing the hostname personally, but better than 300 localhosts showing up in the JSS etc.

Kevin
Contributor II

@nessts][/url

I removed my MacBook from scope on the configuration profile that locks the computer name. I created a new one from scratch and scoped it to only my box.

Same results. It doesn't change the name, it prevents my guys from changing it (in the GUI). They can still change it using Terminal.

It is just annoying that a configuration profile changes the behavior of a setting option with no real way to interact with that setting.

nessts
Valued Contributor II

oh, yes i see the same thing, sorry, but it solved my localhost naming problem. I have a profile generated from an OSx server and that works.
I am pretty sure there are some serious differences in what profiles made on JSS do as compared with profiles made in profilemanager in server. for instance black listing of preference panes exists in profile manager, but not in JSS. so maybe this is still something that needs fixed on JSS. Here is a loginwindow profile that you could try to import and see if it works for you as well. You will want to edit it to make it fit your world better, maybe you can compare to your profile and figure out what is different.

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadIdentifier</key> <string>com.yourIdentifierString</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadOrganization</key> <string>YOURORG</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadDisplayName</key> <string>Settings for LoginWindow</string> <key>PayloadContent</key> <array> <dict> <key>PayloadType</key> <string>com.apple.loginwindow</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourIdentifierString.loginwindow</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadDisplayName</key> <string>Login Window</string> <key>AdminHostInfo</key> <string>HostName</string> <key>SHOWFULLNAME</key> <true/> <key>HideLocalUsers</key> <true/> <key>HideMobileAccounts</key> <true/> <key>IncludeNetworkUser</key> <false/> <key>HideAdminUsers</key> <true/> <key>SHOWOTHERUSERS_MANAGED</key> <false/> <key>ShutDownDisabled</key> <false/> <key>RestartDisabled</key> <false/> <key>SleepDisabled</key> <false/> <key>RetriesUntilHint</key> <integer>3</integer> <key>com.apple.login.mcx.DisableAutoLoginClient</key> <true/> <key>DisableConsoleAccess</key> <false/> <key>AdminMayDisableMCX</key> <false/> <key>UseComputerNameForComputerRecordName</key> <true/> <key>EnableExternalAccounts</key> <true/> <key>AlwaysShowWorkgroupDialog</key> <false/> <key>CombineUserWorkgroups</key> <true/> <key>FlattenUserWorkgroups</key> <false/> <key>LocalUserLoginEnabled</key> <true/> <key>LocalUsersHaveWorkgroups</key> <false/> <key>AllowList</key> <array/> <key>DenyList</key> <array/> </dict> <dict> <key>PayloadType</key> <string>com.apple.screensaver</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourIdentifierString.screensaver</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadDisplayName</key> <string>Login Window: Screen Saver Preferences</string> <key>loginWindowIdleTime</key> <integer>1800</integer> <key>idleTime</key> <integer>1800</integer> </dict> <dict> <key>PayloadType</key> <string>com.apple.MCX</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourIdentifierString.MCX</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadDisplayName</key> <string>Login Window: MCX Preferences</string> <key>DisableGuestAccount</key> <true/> <key>EnableGuestAccount</key> <false/> <key>SleepDisabled</key> <false/> </dict> <dict> <key>PayloadType</key> <string>.GlobalPreferences</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourIdentifierString.GlobalPreferences</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadDisplayName</key> <string>Login Window: Global Preferences</string> <key>MultipleSessionEnabled</key> <false/> <key>com.apple.autologout.AutoLogOutDelay</key> <integer>0</integer> </dict> <dict> <key>PayloadType</key> <string>com.apple.mcxloginscripts</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourIdentifierString.mcxloginscripts</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>YOURUUID</string> <key>PayloadDisplayName</key> <string>Login Window: Scripts</string> <key>skipLoginHook</key> <false/> <key>skipLogoutHook </key> <false/> </dict> </array> </dict> </plist>

C_Long
New Contributor II

I too noticed that the computer name is blocked once a configuration profile is scoped. However by disabling managment on login with an administration account, the computer name field can then be changed. So in your Login Window payload be sure to enabled: - Computer Administration may refresh or diasable managment.

Once the name is changed, if you want the new name to report back to the JSS record, enable:
- set computer name to computer record name.

After enabling these settings I disabled management with a local admin account, I was able to change the computer's name. I then used a terminal command to force an update of inventory. Back at the JSS the computer name changed to match what I had changed on the computer.

-Chris