Jamf Nation Community

Thanks for your reply. I've tried including the UUID like you did but the results were the exact same: works manually but not through Jamf. In my experience you don't always need to specify the full plist name.

I'm only needing to read, not write like your script is doing, but I will still try pasting your script in to see if I get different results. Will post back shortly.

You only need to read the IdleTime setting from that plist?

#!/bin/bash

## Get logged in user
loggedInUser=$(stat -f%Su /dev/console)

## Get logged in UID
loggedInUID=$(id -u "$loggedInUser")

## Run read command as logged in user
setIdleTime=$(/bin/launchctl asuser $loggedInUID sudo -iu "$loggedInUser" "defaults -currentHost read com.apple.screensaver idleTime")

echo "$setIdleTime"

The above should work fine under 10.10.x and up. It will not work with older versions of OS X though.

I have a little AppleScript thingy that sets the screen saver timeout if that's what you're wanting to do:

#!/bin/bash

# Setting Screensaver delay in seconds
osascript -e 'tell application "System Events" to set delay interval of screen saver preferences to 120'

exit 0

If you're just looking for reporting what @mm2270 posted should work, except you'll need echo "<result>$setIdleTime</result>" so it displays correctly on the computer record.

@mm2270 Thanks! This looks promising, I'll give it a shot.

@emily I'm actually only needing to read the value, not change it. I believe I'd need the result tags if I'm dealing with extension attributes, but this is just a script pushed through policy.

So not much progress for me unfortunately.

I tried your idea, @mm2270, without success. The policy log showed: "Script result: -bash: defaults -currentHost read com.apple.screensaver idleTime: command not found"
I get this same result when running the script manually, so I don't think Jamf is to blame for this. Maybe a syntax error?

I tried @khey's script to attempt to write changes (even though I'm only needing to read). This seemed to successfully edit the plist value, but the time changes were not reflected in System Preferences and the computer did not fall asleep in accordance with the new value in the plist. Rather it fell asleep according to what was still specified in System Preferences. Oddly enough after applying this script, changing the screen saver time manually in System Preferences no longer seems to adjust the value in the plist anymore. Bizarre...

As a next step I may look into @emily's AppleScript idea. I'll post back with how that goes.

@quintondixon Are you running Sierra 10.12.6 by any chance? I was trying to change Trackpad prefs last week on newly imaged 10.12.6 system using scripts that reportedly worked as of 10.12.2 with no luck, so I'm wondering if cfprefsd changed in 10.12.6 such that we've got more prefs that can't be changed without user action.

@StoneMagnet I've been doing all my testing on 10.12.5. Maybe I should bump back a few versions and see if I get different results, sometimes it's hard to stay on top of Apple's changes.

@quintondixon Just curious but what OS are you running this on? I've seen a number of other folks post similar "command not found" errors and I'm thinking there is some difference now in more recent OS versions that's causing this, but I don't know exactly what that difference would be.

Also, it might help us if you either posted the rest of the script you're using this in, or gave us more details on what the end goal is. There might be some other way to accomplish the goal here, though not sure.

@StoneMagnet and @quintondixon Sounds like all of us were reaching the same possible conclusion at the same time. :) I think something changed in 10.12.5 and up that may be causing the failures. I will have to do some testing on a current 10.12.5/6 system to see.

Essentially I'm creating a tool for our internal auditors to verify idleTime is <= 20 minutes. Because screen saver settings are unique per user, my initial thought was an extension attribute script that would loop through all home directories to return each user and their idleTime. I ran into issues so I thought I'd simply try reading idleTime via a login script (and push it into a CSV) just to see if I could get that to work first. I do have that working through the following SH script when ran through terminal:

#!/bin/sh

outputFile=/Users/Shared/Compliance/ScreenSaverTimeout.csv
currentUser=$(ls -la /dev/console | cut -d " " -f 4)
idleTime=$(su -l $currentUser -c "defaults read /Users/$currentUser/Library/Preferences/ByHost/com.apple.screensaver idleTime")

#Create CSV if it doesn't exist
if [ ! -e $outputFile ]; then
    mkdir -m 757 /Users/Shared/Compliance
    touch $outputFile
fi

#Check if user is already in CSV
count=`cut -f 1 -d , $outputFile | grep -ic $currentUser`
if [ $count -ge "1" ]; then
    echo Exists, updating...
    sed -i '' "/$currentUser/d" $outputFile
    sed -i '' '/^$/d' $outputFile
    echo "$currentUser,$idleTime
" >> $outputFile
else
    echo Brand new, adding...
    echo "$currentUser,$idleTime
" >> $outputFile
fi

But this same script does not execute the same way when put into Jamf policy and ran on the exact same machine. I end up with "The domain/default pair of (.../com.apple.screensaver, idleTime) does not exist".

I'll make sure to be more specific with OS version in my future posts. I did just test this on 10.12.3 and got the exact same result as 10.12.5: running script manually works but through Jamf policy does not. @mm2270 I just tested your script on 10.12.3 and still got command not found.

If it's still of any interest..

I created a new Configuration Profile for the Idle time.

I got it to work by referring to this Developer Document: https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf

This has a list of payloads for ALL Config Profiles.

So, rather than specifying "com.apple.screensaver.ByHost" I used the folowing user level screensaver payload : "com.apple.screensaver.user"

Works every time!!