Jamf Nation Community

shalford · ‎09-03-2015

We are in an AD school environment where students are logging onto and off from the iMacs in our labs each class period throughout the day. When the display goes to sleep after X amount of inactivity, the computer locks the computer with the current account that is logged in.

I added the Energy Saver Configuration settings, and unchecked "Require Password Immediately after screen saver or sleep begins" I thought this might disable the computer from locking, but it did not.

We current have the the configuration policy set to log off the user after 60 minutes of inactivity. The logic behind this was incase the student was working on a project and left the computer sitting for the period.

Any suggestions or help would be greatly appreciated.

Kaltsas · ‎09-03-2015

I use a custom Config Profile to set display sleep.

{tokenRemovalAction=0, askForPassword=1, askForPasswordDelay=60, idleTime=1200}

This enables the screen saver in 20 minutes, and requires a password after a 1 minute delay. This is configured this way because our security policy requires screen lock within 20 minutes of idle. Added benefit users can still modify the computer sleep and display sleep to their hearts desire.

idleTime you could set to 3600 for 60 minutes.

I'm not sure how this might interact with your config profile to log the system out after 60 minutes.

grecopj · ‎09-03-2015

Having the same exact issue. It becomes a problem in the case where a student leaves without logging out. It locks the screen and the next user can't even shut down or restart. They are having to power down with the power switch.

I tried creating a profile under privacy settings. There is an option there for requiring or not requiring a password. Still trying to see if that will work. I originally set it to be Computer Level but that did not work. Seeing if User level does the trick. Not even sure if it will work at all. Will post back.

Kaltsas · ‎09-03-2015

The built in profiles are not flexible enough. If you wanted to ensure they couldn't lock you could set askForPasword=0 instead of 1.

I use the following profile settings to make em stick.

Distribution Method
Install Automatically
Level
Computer Level

davidacland · ‎09-03-2015

FWIW, I've spent a bit of time on this with a few clients and found the results to be really inconsistent. I'm using a custom config profile as well, but also tried defaults write with login scripts.

Changing the idle time seems ok, but stopping a Mac from requiring a password when waking from sleep or screensaver really isn't. I can get the checkbox unticked, but then the screen still locks anyway.

So more of a warning to stumbling on this post in the future, this isn't as straight forward as it first seems!

sean · ‎09-03-2015

Try user level and com.apple.screensaver.ByHost.

We actually set both MCX for com.apple.screensaver.ByHost to always require password and edit the User Template to include this during the build process.

#!/bin/bash

ByHostUID=`ioreg -rd1 -c IOPlatformExpertDevice | awk -F """ '/UUID/ {print $(NF-1)}'`

if [[ "$ByHostUID" =~ ^"00000000-0000-1000-8000" ]]
then
        ByHostUID=`echo ${ByHostUID##*-} | tr [:upper:] [:lower:]`
fi

PlistBuddy -c "Add :askForPassword integer 1" "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$ByHostUID.plist"
PlistBuddy -c "Add :idleTime integer 600" "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$ByHostUID.plist"
PlistBuddy -c "Add :moduleName string Computer Name" "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$ByHostUID.plist"
PlistBuddy -c "Add :modeulePath string /System/Library/Frameworks/ScreenSaver.framework/Resources/Computer Name.saver" "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$ByHostUID.plist"

Jamf Nation Community

Prevent Computer From Locking