There must be something I am missing with this preference, no matter what I try the setting under Security & Privacy -> Require password after sleep or screen saver, is always checked and set for immediately. I believe it is this setting that is locking our stations when people walk away from their desk. I don't really want to log anybody out, and do like the idea of auto locking the station like Windows does, but at least Windows allows somebody else to log in (Switch User). When this happens (God forbid on the local Administrator account) a hard reboot is the only way to get on a system.
I've followed others on the forums who had similar issues, but none of the solutions seem to help.
JAMF configuration profiles
I'm at a loss at this point and it is causing a lot of frustration with our users.
Oh, if only I had a dime for every thread that started with this topic (I'd probably have a dollar, maybe more!)
I'm going to guess (from your screenshots) that the issue is there seems to be also be a configured Loginwindow profile that you didn't post a picture of. From past threads, this problem typically comes from settings in that payload. If you disable it, the issue may go away. Or, you may be able to make the necessary adjustments in that Loginwindow payload and avoid the issue as well.
If I recall, there is or was a defect in Casper where some settings were being applied automatically in the JSS created Config Profiles and I think that was one of the settings. I'm not sure if this is still a defect or if its been resolved in a recent release though.
Hm...do you have a login window profile?
We have our Macs set to require password immediately when screen saver begins and they are prompted for a password but at the bottom shows the switch user icon....
We're on 10.11.* ours are also FileVault enabled and our prompt looks more like the log in window vs. the one in your screen shot.
We've currently abandoned the use of Security and Privacy Profiles as it also inadvertently specifies the Logout of a user after 30 minutes of Inactivity on 9.93, something that payload shouldn't be configuring.
Sorry, I forgot to post the Login Window configuration.
So my current plan is to remove these payloads, and create a custom configuration profile using the steps from macmule. I will post results, especially if I have success.