Screens locking in labs, with student accounts, even though screen lock disabled

rstasel
Valued Contributor

Hi All,

I've been having a weird issue since we upgraded our labs to 10.12.6 over the summer (previously on 10.11). No matter what I try, I can't get the lab machines to not have their screens lock when the students walk away rather than logging out of the lab machines. So next person comes, and it says they have to use the previous student's password to unlock the screen. This obviously doesn't work, so to fix they come to my helpdesk where we issue a "killall loginwindow" via ARD. =/

Anyone else seen this? What am I missing here? We're running Jamf Pro (Casper) 9.100 both as the JSS and the client binary. I'm mainly using configuration profiles to enforce settings, like AD binding, printers, etc.

Thanks!

6 REPLIES 6

kendalljjohnson
Contributor II

Not sure the settings you have applied to try and make this happen, but the way I have addressed this is enabling Fast User Switching on the lock screen (but disabled in the menu bar) which gives the option for someone else to log in. I then have a login script that checks if any other users are logged in, and if so kill their session. This give the ability for a student to go use the bathroom but have their station secure while they're gone, but still help the scenario of them completely abandoning their session and not having the next student perform a hard shutdown.

tcandela
Valued Contributor II

@kendalljjohnson i also setup 'fast user switching' for this same purpose. Can you share that login script that kills any other logged in users?

sometimes i go into activity monitor to kill the sessions.

kendalljjohnson
Contributor II

@tcandela

For sure. I made it a while back so I'm sure there are better ways to go about it, but this was my best go and (to my knowledge) hasn't needed to be addressed since. Any suggestions are always welcome!

#!/bin/bash

#allow user profile to get logged in and recognized
sleep 10

#define user running command
commandUser=$(whoami)

#define the new user logging in
newUser=`find /Users -type d -name .svn -prune -o -mmin -1 -type f -print | head -1 | cut -d / -f 3`

echo "New user logging in: $newUser"

#define other users logged or running process, excluding known users that might need to be involved
otherUser=$(who | awk '{print $1}' | grep -v $commandUser | grep -v $newUser | grep -v yourLocalJamfAdmin | grep -v _mbsetupuser | grep -v root | head -n1)

echo "Original user being logged out: $otherUser"

if [ -z $otherUser ];

    then
        echo "no other user logged in"
        exit 0

    else
        echo "logging out $otherUser"
        pkill -KILL -u $otherUser

fi

rstasel
Valued Contributor

Hmm, I don't overly want to do that since I'm pretty sure they don't care about securing the workstation. This is just the fact that the screen is set to sleep after 15 or 30 minutes, and even though I disabled requiring password on screen sleep/screen saver (box is unchecked in the Configuration Profile), it STILL locks the screen. =(

rstasel
Valued Contributor

So, just to clarify, people do have this issue, and have worked around it this way, or people don't have this issue but have it on purpose because they've got fast user switching turned on?

The other option would be to set "Require password" to "8 hours after screen or sleep saver begins".

Nix4Life
Valued Contributor

@staze You may want to take a look at the at caffeinate, try running man caffeinate from terminal. When i was in edu I used it all the time. If you search jamfnation there are a bunch of posts