MDM profile / Configuration profiles

bbot
Contributor

I'm looking to change the "require password" from Yosemite's default of 5 minutes, to immediately. Currently, some configuration profile or MDM profile is causing the option to be greyed out and I can't figure out what it is. Also, what is the difference between configuration profile and MDM profile? I understand that an MDM profile gets pushed when I enroll a machine into Casper -- are the MDM profile and configuration profile the same?

We have one configuration profile set, which locks down some settings in system preferences. I've tried checking the require password immediately with no luck, and also tried to manually edit my own plist to set it to 5 seconds and uploaded the plist file in custom settings with no luck.


1 ACCEPTED SOLUTION

andysemak
Contributor

This needs to be set in the Passcode configuration profile:


8 REPLIES 8

Look
Valued Contributor III

https://jamfnation.jamfsoftware.com/discussion.html?id=9982

It's broken but you can do it with a custom profile.

bbot
Contributor

I've also tried the custom profile based on that thread. On the machine with the new configuration profile, it shows the forced policy but still sets the default as 5 minutes. I'm seeing that there is a configuration profile and an MDM profile on the test machine. It looks like the MDM profile also changes some system settings. Where and how can I change the configuration of an MDM profile? Can the MDM profile be overriding this change?

Look
Valued Contributor III

That looks exactly as mine does, which is definitely working.
The MDM Profile I think is just the main management and enrollment profile and can't be changed as such (although it is probably generated from settings within the JSS).
Is the changed profile showing up correctly on the client machines, can you see the Custom settings there?
If not then remove the MDM profile which will remove basically everything and then run

sudo jamf manage

from the terminal to have it reapply everything.
Also just in case it's relevant we are applying it at the machine level not user level (user level always seems to take much longer to come into effect for some reason).


bbot
Contributor

@Look I can definitely see the forced custom setting in there. I'll copy and paste what I see in the "profile" button in system preferences when I get onto my test Mac. The policy is set at user level. Is it best practice to use machine level for configuration profiles? I believe the idea behind the people who set up Casper set it to user so that it doesn't apply to the local admin account. Also, how much longer do you think it takes to take effect?

I've tried removing and re-adding by the jamf commands in terminal.

bbot
Contributor

@andysemak I'll also give that a test in passcode configuration. Thanks!

bbot
Contributor

Looks like the Passcode configuration worked. Changed to immediately and it immediately took effect after doing a jamf manage. Thanks everyone!
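An added example, not part of the original thread or of Jamf's tooling: a small audit that reads an exported, unsigned .mobileconfig and lists every payload that sets a screen-lock delay, so a Passcode payload and a custom screen saver payload that disagree can be spotted before deployment. The sample profile is constructed, and the payload types and keys (`com.apple.mobiledevice.passwordpolicy` / `maxGracePeriod`, `com.apple.screensaver` / `askForPasswordDelay`) are Apple's profile keys as assumed here, not values quoted in the thread.

```python
import plistlib

# Constructed sample profile (not from the thread). The Passcode payload asks
# for "immediately" (0 minutes); a custom screen saver payload asks for 300 s.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>maxGracePeriod</key><integer>0</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.screensaver</string>
      <key>askForPassword</key><true/>
      <key>askForPasswordDelay</key><integer>300</integer>
    </dict>
  </array>
</dict></plist>"""

# Assumed key names and their units, normalised to seconds below.
LOCK_DELAY_KEYS = {
    "com.apple.mobiledevice.passwordpolicy": ("maxGracePeriod", 60),  # minutes
    "com.apple.screensaver": ("askForPasswordDelay", 1),              # seconds
}

def lock_delay_findings(profile_bytes):
    """Return [(payload_type, key, delay_seconds)] for payloads that set a lock delay."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        key, unit = LOCK_DELAY_KEYS.get(ptype, (None, None))
        if key is not None and key in payload:
            findings.append((ptype, key, int(payload[key]) * unit))
    return findings

def has_conflict(findings):
    """True when two payloads request different lock delays."""
    return len({delay for _, _, delay in findings}) > 1

if __name__ == "__main__":
    found = lock_delay_findings(SAMPLE_PROFILE)
    for ptype, key, delay in found:
        print(f"{ptype}: {key} -> {delay} s")
    print("conflicting lock delays" if has_conflict(found) else "consistent")
```
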

bbot
Contributor

How long does it take for profiles to take after making a change and selecting apply to all computers using set at user level and computer level? I can manually sync the new configuration profiles using terminal commands, but would not like to do this for all 300+ machines on our network.