Posted on 02-24-2016 03:31 AM
We tried to create a policy for setting a password on a screen lock after 5 seconds and created a policy in Configuration Policies > Security and Privacy
However the Mac does not ask for a password after a user locks the screen or puts it to sleep.
If I remove the policy and set the lock-policy manually, it works fine...
What did we do wrong?
Posted on 02-24-2016 05:59 AM
We are having this same issue. In our case it appears to be that the Login Window configuration profile has in its payload 'Screensaver ask for password = False'. This conflicts with our Security & Privacy profile that tells it to ask for a password immediately. Apple's documentation says that when two different profiles set conflicting data to one setting that it is left 'undefined'. I am not sure what this means but it leaves laptops unlocked.
Jamf's solution to our problem was to create a third profile and set this setting and install it using a package and the a terminal profiles command to install it. This does not always work in our case and a restart is known to some times make it stop working.
There is this known issue:
[D-007999] Screen saver settings in a configuration profile that is removed and re-applied to a computer are not retained.
This I believe is describing this issue (?) because the JSS will periodically re-install all the station's configuration profiles. It seems to aha started on our stations after the update to 9.2 and after the configuration profiles were re-installed automatically on stations. Fresh images also have had this problem so the re-isntall part may not be exactly accurate.
I hope some of this helps give you few idea since this is just from my experience and testing. I am hoping this gets fixed in JSS 9.3 when that gets released.
Posted on 02-24-2016 06:11 AM
I am also having the same issue after it was working a couple days ago. I have setup a call with Jamf to see if this is a known issue. It seems to be happening all over the place. If they have a fix I will update when I have more information.
Posted on 02-24-2016 06:20 AM
We have this issue as well. We were also provided the fix from JAMF, but after re-boot it does not work for us consistently. When you have 2 profiles with conflicting information what happens is undefined.
Posted on 02-24-2016 07:41 AM
thanks for your replies.
We just disabled the "Login Window"-policy and the password works fine again. What we are going to do is make a script with a few 'default write' commands.
let's hope JAMF fixes the issue in the next version of the Casper-suite (9.83 of 9.9)
Posted on 02-24-2016 07:59 AM
This happened to us too. I got a hold or our TAM, and they were able to provide a custom managed config profile (.plist file) that we uploaded and pushed out.
Posted on 02-24-2016 08:04 AM
@Jakov I used a script as well. thoule's SS management. And I had a JSS policy to reinstall the script if it's missing or modified.
Posted on 02-24-2016 08:21 AM
I just noticed this problem yesterday. Like the other folks on this thread I replaced my Login Window config with a shell script using default writes commands.
I also contacted JAMF Support and was told it was a known issue and they provided me this link
Posted on 02-26-2016 12:44 AM
The problem as stated in your link is not exactly the same as we experience. However, there is another discussion going about the same problem, see https://jamfnation.jamfsoftware.com/discussion.html?id=9982