That's one of the biggest requests we ever had in enterprise, and Apple have never given us a reliable way to manage these settings.
Mandate for our clients is usually lock-after-15-min and the user can't change it (unless they are admin; but as Miles says "then all bets are off").
Anxiously awaiting responses to this thread. :)
Don
                
     
                                    
            I'm using Managed Preferences (MCX) in Casper to manage our screen savers. Two preference settings:
Domain: com.apple.screensaver
Name: Require password for screensaver
Apply To: System Level Enforced
Key Name: askForPassword
Type: integer
Value: 1
Domain: com.apple.screensaver
Name: Idle Time
Apply To: User Level Enforced
Key Name: idleTime
Type: integer
Value: 900
The first setting enables the screen saver lock. The second setting activates the screen saver after 15 minutes.
I don't recall why I have System Level Enforced for the first and User Level Enforced for the second but this is what's working for me for 10.5-10.7.
As a matter of extra security I manage hot corner settings to prevent users from enabling a hot corner to prevent the screen saver from activating.
Yes, this disables users from being able to change the settings, however, this is either your organization's policy or it's not. I don't suggest implementing security policies of any kind unless your upper management will back you. Security is never convenient.
Alternatives:
- Enforce the lock and enforce the time but allow folks to enable a hot corner to prevent screen saver locking.
- Set the Apply To for idleTime to User Level at Every Login. This will allow users to change the setting but will revert whenever the user logs in again.
     
                                    
            and I don't really want that as I'm sure Im going to get pushback from the departments to remove it.
This is where you point at the policy you've just enforced and just stare at them.
                
     
                                    
            Ha ha just noticed the OP has linked to my blog!
Apologies it's now working on 10.7, tbh i don't have the requirement here..
Are you setting the "askForPassword" integer to 1?
                
     
                                    
            I've always used talking moose's method, works perfectly.  
heh, I even use 15 minutes as well! :)
                
     
                                    
            Hi Nick,  can users change the settings themselves through the pref pane?
We found they could hence the script, however this was a while ago & using WGM's MCX in OD.
                
     
                                    
            they can change the screensaver kick off time (since all my users are admins), but they can't disable the password prompt.  the kick off time is reset at every login.  our compliance department has signed off on that, but ymmv.
                
     
                                    
            @Ben - I set it to 1, I set the delayed time to 0.0, set the require PW to 1
It activates the check boxes and sets to immedaite, but when I put it into teh screensaver it doens't prompt for PW.
                
     
                                    
            @Nick, thamks for clarifying.. we had a SOX policy that required it to be set hence the script.
@John, I've not tested on Lion as we've not had that requirement in my new place of work.
We do have the same askForPassword MCX a Bill using Casper, but these are set @ user level.