Jamf Nation Community

ImAMacGuy · ‎08-02-2012

I'm working on ML through SS deployment, and I have the firstboot package that is working properly except for turning on the screensaver password for the user that launched the SS task. However a new user that logs into the box it does work for (it's adjusting teh user template I assume)

How can i modify the script to work for the current signed in user?

# Disabling screensaver password requirement by commenting out this line - can be re-enabled later.
#
 defaults write /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "askForPassword" -int 1
#

defaults write /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "idleTime" -int 900

defaults write /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "moduleName" -string "Flurry"

defaults write /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "modulePath" -string "/System/Library/Screen Savers/Flurry.saver"

# Turn off DS_Store file creation on network volumes

defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true

#Firewall Settings | 0 = Off | 1 = On For Specific Services | 2 = On For Essential Services
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.alf" globalstate -int 1

mm2270 · ‎08-02-2012

I haven't used this recently. so I'm not sure if it still applies but I think using

defaults -currentHost write

will allow you to write to the ByHost prefs folder for the logged in user. Again, I've not used this in some time now, so you'll need to test that out.

ImAMacGuy · ‎08-02-2012

Hmm, modified the script and redid the system, but it still didn't seem to work.

I added the defaults -currentHost as follows to each of the lines. (below is an example)

defaults -currentHost write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true

mm2270 · ‎08-02-2012

Eh, I didn't read your first post carefully enough., My bad. You're trying to write into the /System/Library/User Template location, not into an actual user folder located in /Users/ The -currentHost flag ain't gonna work in that case.

I guess I'm not clear on what you mean by saying "How can i modify the script to work for the current signed in user?" You're not trying to target the logged in user with the above script, so, what are you looking for exactly?

ImAMacGuy · ‎08-02-2012

The goal is to give the logged in user to upgrade his 10.7.x machine to 10.8 through Self Service.

However, there are some changes that our security group has pointed out we need to change (for instance setting the screen saver password - which got missed in our 10.7 script).
So as a user, i want to go to Self Service, Install ML. Using that creatOSXInstall.pkg thing from http://managingosx.wordpress.com/2012/07/25/son-of-installlion-pkg/ i packed ML, Java, and our Firstboot.pkg which contains the script to do things like set the screensaver password.

So when teh logged in user completes the setup, ML is there, and everythign except teh screensaver is set for their ID.

The ScreenSaver gets set if a "new" user logs in, but not the current, i'm trying to get it to do both (some of the machines will be considered walkup machines and have multiple people logging in).

So I need the script to modify the current logged in user, as well as modify the template for any new user that signs on.

mm2270 · ‎08-02-2012

Any reason you aren't applying this through MCX instead? It still works fine in Mountain Lion. Or are these Macs going to be disconnected from Casper right after the upgrade? typically something like the screensaver password enforcement is best set via MCX, so you can lock it in place, if you need to.

ImAMacGuy · ‎08-02-2012

well, yes it could be, but some users demand longer time outs... figured its easier to set it then tehy can adjust the time and take it upon themselves to turn it off.

mm2270 · ‎08-02-2012

OK, in that case, have you tried applying it with User Level at Next Login Only in stead of User Level Enforced? Does that not work? I'm asking honestly since we don't apply it that way, so I don't know.

Edit: And just to back up a second, I thought that was a setting mandated by your security folks? But you're allowing users to disable it? Isn't that defeating the purpose?

bentoms · ‎08-02-2012

Well then do the MCX once... That way they can change it. :)

(I think you tried the script on my blog & found it didn't work for 10.7+).

ImAMacGuy · ‎08-02-2012

@mm2270 - re: your edit - yeah, great huh? enable it to appease security, but once the user has it in their hands they are free.

@bentoms - yeah i tried it, didn't seem to work for 10.7... I found this other script as a link from here ( i think) but i can't find the post anymore, but it does work for doing it.

I'm trying the MCX now, it seemed to grey out the option once I rebooted. I will reimage teh machine and try again. Thank you!

ImAMacGuy · ‎08-06-2012

I remember why i didn't want to use an MCX. it'se because a lot of people do presentations from their systems, and the screen saver kicks in during the presentations and disrupts everybody.

Is there a way to remove the MCX settings easily on a temporary basis for when this occures?

Matt · ‎08-07-2012

You could give certain users access to Caffeine. That will stop the SS from popping up.

Jamf Nation Community

ML Script to modify current user settings