Problem setting screen lock on Mac

Jakov
New Contributor III

Hi,

We tried to create a policy for setting a password on a screen lock after 5 seconds and created a policy in Configuration Policies > Security and Privacy
However the Mac does not ask for a password after a user locks the screen or puts it to sleep.
6befbd1e1e4c42f2b288a03a8cdcb4ac
35464c105b884b88854edc89bbf04333

If I remove the policy and set the lock-policy manually, it works fine...

What did we do wrong?

8 REPLIES 8

strider_knh
Contributor II

We are having this same issue. In our case it appears to be that the Login Window configuration profile has in its payload 'Screensaver ask for password = False'. This conflicts with our Security & Privacy profile that tells it to ask for a password immediately. Apple's documentation says that when two different profiles set conflicting data to one setting that it is left 'undefined'. I am not sure what this means but it leaves laptops unlocked.

Jamf's solution to our problem was to create a third profile and set this setting and install it using a package and the a terminal profiles command to install it. This does not always work in our case and a restart is known to some times make it stop working.

There is this known issue:
[D-007999] Screen saver settings in a configuration profile that is removed and re-applied to a computer are not retained.

This I believe is describing this issue (?) because the JSS will periodically re-install all the station's configuration profiles. It seems to aha started on our stations after the update to 9.2 and after the configuration profiles were re-installed automatically on stations. Fresh images also have had this problem so the re-isntall part may not be exactly accurate.

I hope some of this helps give you few idea since this is just from my experience and testing. I am hoping this gets fixed in JSS 9.3 when that gets released.

jamest
New Contributor

I am also having the same issue after it was working a couple days ago. I have setup a call with Jamf to see if this is a known issue. It seems to be happening all over the place. If they have a fix I will update when I have more information.

jrwilcox
Contributor

We have this issue as well. We were also provided the fix from JAMF, but after re-boot it does not work for us consistently. When you have 2 profiles with conflicting information what happens is undefined.

Jakov
New Contributor III

thanks for your replies.
We just disabled the "Login Window"-policy and the password works fine again. What we are going to do is make a script with a few 'default write' commands.

let's hope JAMF fixes the issue in the next version of the Casper-suite (9.83 of 9.9)

CorpTech
New Contributor III

This happened to us too. I got a hold or our TAM, and they were able to provide a custom managed config profile (.plist file) that we uploaded and pushed out.

thoule
Valued Contributor II

@Jakov I used a script as well. thoule's SS management. And I had a JSS policy to reinstall the script if it's missing or modified.

ShaunRMiller83
Contributor III

I just noticed this problem yesterday. Like the other folks on this thread I replaced my Login Window config with a shell script using default writes commands.

I also contacted JAMF Support and was told it was a known issue and they provided me this link

Jakov
New Contributor III

The problem as stated in your link is not exactly the same as we experience. However, there is another discussion going about the same problem, see https://jamfnation.jamfsoftware.com/discussion.html?id=9982