Jamf Nation Community

Permalink · ‎08-19-2010

Hey all,

So here's what we're running into. We'd like to force a password to wake
from the screensaver. The problem is that in 10.6 this has become a user
ByHost setting...I'm not having any luck with the JAMF MCX settings.
I've verified that `defaults -currentHost write com.apple.screensaver
-int 0` will successfully check that box in the system preferences >
security window.
The issue with that is that the user has to run that command, which you
have to be an admin to run. How do I get an ongoing policy in Casper
that can run that command as the user, or is anyone else using
MCX/policy to enforce this setting?

I'd ultimately like to have that box checked for every user and disabled
so they can't click on it after we've checked it.

Thanks,
Bob

jarednichols · ‎08-19-2010

MCX would be the best way to go if you want to actually disable that setting. It'll grey it right out.

j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin · ‎08-19-2010

Real quick response is to see how owns the console

#!/bin/bash

CurrentUser=/bin/ls -l /dev/console | usr/bin/awk '{ print $3 }'

# now execute unit commands as that user

/usr/bin/su $CurrentUser <some unix commands>

exit 0

or you can loop through /Users if all your user accounts live there...

#!/bin/bash

# loop through users

for u in `/bin/ls /Users` ; do

/usr/bin/su $u <some unix commands>

exit o

The su command will execute it as that user

tlarkin · ‎08-19-2010

I ditto the MCX....

Download sever tools. Run Work Group Manager locally on the machine. Set a computer level policy under the guest computer in WGM. Test it
out on the machine locally. Once you achieve what you want you can use
dscl to export/import that mcx file, or probably just plug it right into
Casper. Be careful though as computer level policy applies to all user
accounts. So you may want to do a user level, or even group level. Then with a simple script you can add users to groups and import MCX or
add it to user account on the user level, and so forth.

golbiga · ‎08-19-2010

Here are the settings that I have in Casper MCX for this. Works for us.

Thanks
Allen Golbig

![external image link](attachments/1d7562453e044741a7744a4e893468e2)

Permalink · ‎08-19-2010

These are the same MCX settings I've got set currently in our JSS. I'm
getting spotty results with this though. 1 of the machines on my desk
have the box checked and greyed out. The other 2 both are unchecked and
any user can click that box whether the settings window is locked or
not.

Tom, I've tried doing a script similar to that but I'm getting a
response that my defaults statement is wrong...which I know is not the
case...not sure what's going on there.

I'll play around with the Workgroup Manager stuff, thanks for the
suggestion.

Bob

![external image link](attachments/255d2742f972413fb966704275f82241)

a_holley · ‎05-31-2018

Ok, I know this is an old thread, but I am trying to find a solution to this question.
I want to run a script to change the time display settings in the menu bar to show the seconds. This is for our local admin account on machines set up with DEP. I don't want to lock this setting down, just change it after we log in for the first time.

I run into an issue when I try to put the defaults write command into a script, because it doesn't run as the current user. I can change it in the default template, but again, that doesn't impact our local admin account, because that is set up during the DEP process, before the default template gets created.

I have been on this for a while now, so if anyone has a suggestion, that would be great.

mjhersh · ‎06-04-2018

Have you tried something like su adminuser -c 'defaults write blah blah blah'?

There are various ways to dynamically retrieve the name of the currently logged in user to put in place of the hardcoded 'adminuser' name, but that's the basic idea. Does that work?

Nix4Life · ‎06-04-2018

@a.holley have you tried outset with the login-once option? Most use outset with dockutil for dock setup

outset

a_holley · ‎06-04-2018

@mjhersh , I've tried that, it doesn't seem to work. I've also tried to retrieve the currently logged in user, but again, I seem to run into issues with that also.

clrlmiller · ‎06-05-2018

Have you tried something like UserAcct=$(last | grep console | tail -n 1 | awk '{print $1}') ... to pull the current/last user logging into the console

then

su $UserAcct insert your command or script to run name here

Running script as currently logged in user