Jamf Nation Community

thanks alex- setting this through a custom key in a config profile gives the greyed-out checkbox my security people know and love? just setting it isn't enough, I need the users to be unable to change it.
Also, did you create your profile in profile manager or on the JSS?

I though it was just me. Since upgrading our server to 10.7.4 the screensaver didn't activate like it did previous every 15 minutes. In the end I set a launch agent to run a script to activate it every hour, but weirdly seems to activate every 10 minutes now lol!

@tkimpton did you do 600 or 3600 in your interval on the launchdaemon? its seconds not minutes.

thanks, everyone- the profile appears to be working almost as expected. on some machines, though, the screensaver password prompt option is greyed out but UN-checked. Any ideas?

bumpity

i've noticed that custom config profiles created with the JSS, at the one to suppress the iCloud prompt, are keyed to the OS version they are created on. My LastSeenCloudVersionKey was 10.8.

Once I upgraded my test box to 10.8.1, that profile stopped working. Moving it back to an MCX got it working again. I did not test changing the key to 10.8.1, nor do I care if that does actually fix it -- i'm not about to edit and upload new plists every time apple updates their damn software.

I do like the "greyed out" feature that config profiles give you though, not letting settings be changed, even if only for that login session, is REALLY nice. But MCX CAN'T die... please? Either that or fix your config profiles Apple/JAMF!

I do like the "greyed out" feature that config profiles give you though

Are your MCXs not greying things out? They should be if you're not doing "at next login only" settings.

they aren't, and I don't get the option to set them as "system/user level enforced" unless i create them from a template.

Anyone have any luck setting a custom profile by uploading a plist to set the screen saver to require a password at 15 min after sleep or screen saver begins. We are moving away from all of our mcx records and need to set our staff machines to require a password. Where do I find the plist on a 10.8.4 machine after I have this set?

Why are you getting away from MCX? It still works in Mountain Lion.

Teresa,

I had the sleep part working, the issue I think is that the configuration profile is not controlling the sleep setting the same as MCX/plist. You can still use parts of the MCX/plist to some setting but not all.

I think this doc will get you going

http://developer.apple.com/library/ios/#featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

This is a noob question but how does one write a custom configuration profile?

Thanks,
James Shipman

@acsdesigntech:

Once I upgraded my test box to 10.8.1, that profile stopped working. Moving it back to an MCX got it working again. I did not test changing the key to 10.8.1, nor do I care if that does actually fix it -- i'm not about to edit and upload new plists every time apple updates their damn software.

I believe this key is OS X version specific. I was managing this key using Managed Preferences on Casper, and I need to update whenever a new version of OS X is released. If your managing MCX from an OS X Server box, I believe this key gets updated automatically when you update your server. Could be wrong on that though, just going by limited testing... it's definitely one of the more oddly behaving property list/MCX files out there in Mountain Lion...

@LVISDJShip

Custom profiles contain just the keys and values you'd find in an application's normal plist preference file with the values set to your own choosing.

For example, the Finder has a preference to show or hide all filename extensions (Finder menu --> Preferences... --> Advanced). If you want to manage that specific preference you can do the following:

1. Identify the Finder's preference file, which is ~/Library/Preferences/com.apple.finder.plist.
2. Locate the specific key that controls this preference. I use TextWrangler to compare plists created before my change to plists created after my change to help me find the correct keys.
3. Make a copy of the plist file with your preferred settings and delete all keys/values except for your own changes. Keep the plist header information. It should look something like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppleShowAllExtensions</key>
    <true/>
</plist>

1. Save this copy of the file and import it into the profile.
2. Scope the profile to users or computers.

I haven't edited that mcx since 10.8.0. Deploying 10.8.2 now and its still working fine. Apple has a ways to go with config profiles before they're up to snuff for os x.