My collogues and I have been having issues with users reporting that after they update to 10.12.5 their machines no longer lock. At first, we thought it could just be a policy issue so we just re-pushed the policy but, a couple of days later the issue came back. I was wondering if anyone is having this issue if so what are they doing to fix it or any recommendations?
If you are running JSS from like 9.91 through 9.97 there is a bad payload being deployed with he login window configuration profile. It will deploy a payload for "askForPasswordDelay" that would conflict with the one deployed in the Security and Privacy configuration profile, even though the Login Window profile should not be deploying this payload and it will deploy the default option of like five minutes before locking. Apple says when it has two payloads for the same option that conflict, that conflict they can not say what will happen. Usually it acts like it has neither setting and goes with default actions, or something.
I hear the if you have the Login Window and Security and Privacy in the same configuration profile it usually acts fine but many, like myself, have them in different deployed profiles. There is a work around that was mentioned in January 2016 but I can't find the post.
Also, they say they fixed ti with JSS 9.98 but I have not had time to test it yet.
I know this was a little convoluted but I hope it helps. But, it you are not using these versions of the JSS or not using those profiles then this was for nothing. Hope any of this might help.
We were testing this in 9.98 and the issue was still not fixed. We sent screenshots to our account rep. I just moved jobs so I haven't had a chance to test in 9.99 to see if the issue is resolved there or not.