I have a Configuration Profile setup the require password after sleep or screen saver. I have it scoped to only my computer and one other. On my computer the box is greyed out and checked, but when I start screen saver it does not require the password to unlock, it jut reopens. On the second system the check box is empty but the selection is greyed out.
My system is running 10.9.2
Second System is running 10.8.5
Any Ideas?
You have to build the profiles by hand if you use the prebuilt ones in the JSS, Configurator 2 and Mac OS X they cause conflicts.
one of the examples is a new key "maxInactivity"
https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
C
Hi,
had the same issue.
I solved deploying one Configuration Profile with 3 payloads: Security&Privacy Login Window Custom (com.apple.screensaver.plist).
So far so good.
J
Same problem (9.9.1), except in our case, the Security & Privacy payload is causing Spotlight to spike to 100% CPU consumption. Has anyone else experienced that before?
@william.gregorian I have seen a couple of instances of Spotlight cpu usage spiking in the last month and couldn't find the solution for it. I'll see if removing this profile will help.
Also, I can't seem to get this to stick around. My users will initially be asked for passwords but after a few hours it stops requiring it.
This bug has been solved two times. With 9.92 I again have this problem, does someone experience the same issue?
@martin This is my solution.
Follow-up: What is the status of this issue now that 9.93 is in production?
Hi @dstranathan,
No, it's still not fixed. Combining the Login Window and Security & Privacy payload works for me.
Thanks @martin> combinging the 2 does not work for me. Same problem exisits.
Maybe I'm not on the same page as everybody else here. I'm trying to control the OS X Security and Privacy pane as follows:
Require Password:
NOT LOCKED.
I want the user to be toggle this on/off and select a time window. (We dont have a security policy at my employer)
Show a Message on lock screen:
LOCKED.
I set my company name using a profile. I dont wasnt user changing it.
Disable automatic login:
LOCKED.
I have it disabed in a JAMF profile and do not want it to be changed.
Allow apps to be downloaded from:
LOCKED.
"I have the radio button set to "Mac App Store and identified developers". I do not want users to change this.
Am I not able to configure the Security & Privacy in a JAMF 9.93 profle on managed Macs running 10.10 and 10.11?
I really hope this is addressed in 9.96....
Not fixed in 9.96.
Moving the two (Login and Security) into one profile worked for me. We are on 10.12.3
Thanks
Confirmed. Putting the two into one profile works. After some digging, I found the cause.
In the Login Options payload, you can set the time frame for the screensaver to start but not whether the screensaver requires a password. If you open the mobileconfig file though, there are two entries for the password requirement, pasted below. Those keys are set to false and 0 by default in that mobileconfig but are overridden by the keys in the Security payload when they're bundled together.
When MacOS loads those payloads separately, when they're in two different profiles, it seems to be pretty hit or miss on which it applies. Users in my organization would need the password one day and then not for the next week, only to have it required again for a couple days after that.
<key>askForPassword</key><false/>
<key>askForPasswordDelay</key><integer>0</integer>
Like dstranathan, I want to allow my users to change whether or not the "Require password" and be able to select the time drop down while locking down "Allow apps downloaded from" and "Disable automatic login". Does anyone have a solution for this besides not using the Configuration Profile?
Okay so we are in the same boat as many of you above we are running JSS 9.97 and this seems to mainly be effecting our 10.12.x machines. I have tried the fixes with the profiles of only login and security. It applies fine and we see one of two things. Either it un checks the immediate checkbox while still greyed out at some point, a recent phenomenon or it stays checked but the machine does not lock when using hot corners or the keychain lock in the menu bar. So with that said we are going back to basics and I am going to use the script offered above to implement this. The one thing I have not tried is the Maximum grace period for device lock set to immediate under passcodes. If anyone has insight into this that is not stated above I am all ears.
I'm seeing this in 9.96. Has this been fixed in a newer version of Casper Suite/Jamf Pro?
This seems to be an issue with the design of the "Login Window" payload...
@prbsparx how do you have your configuration profile set for the screen saver?
I have a configuration profile with two payloads: Login Window and Security & Privacy
I'm also on 9.96 and ours its working fine. (our macs are on 10.11.x and 10.12.x)
We had the settings as two separate profiles, I noticed people recommended switching to both in one profile and have done that. It appears to be working now.
Surprised that Jamf hasn't made it where it can be deployed as two separate profiles.
@prbsparx vote this up
https://www.jamf.com/jamf-nation/feature-requests/6281/break-up-multi-mdm-payload-gui-payloads
: )
C
Supposedly this is fixed as of 9.98. And 9.101 doesn't cause it to occur.
Can confirm this is not fixed as of 9.101. Having the same issue.
Combined Config Profile works for 10.11 and 10.12
Not working so well for 10.13...
Anybody seen this issue in 10.13 and found a fix?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.