Question

Security & Privacy - Require Password after sleep or screen saver begins

Forum|Forum|8 years ago
June 6, 2017
7 replies
63 views

manouka
New Contributor

Hi all -
We have an entire computer lab with MacBook Pros. They are all set to auto login to a generic account for elementary students to use. Everything works fine, but when the screensaver comes on or the laptop goes to sleep it is set to lock immediately. We need to go and uncheck all of them from automatically locking, but students can go back and change them.

Is there any way to disable this setting from Security & Privacy from being checked or unchecked with a configuration profile or a script? We want the screensaver to come on, but we don't want them to lock the students out.

I have been searching everywhere for a solution and can't seem to find anything.

Thanks!!

Cornoir
Contributor
Forum|Forum|8 years ago
June 6, 2017

If you go to Configuration Profiles in the JSS under the Security & Privacy section you can set Require password to unchecked and see if that works

manouka
Author
New Contributor
Forum|Forum|8 years ago
June 6, 2017

Cornoir, I did that and it didn't force any changes. You were still able to check/uncheck that box and adjust it to whatever time you want.

Cornoir
Contributor
Forum|Forum|8 years ago
June 6, 2017

Sounds like hiding and/or disabling the System Preference Pane for Security might be what you are looking for and MCXToProfile;
https://www.jamf.com/jamf-nation/discussions/22701/hide-system-preferences

https://github.com/timsutton/mcxToProfile

Set MCXToProfile to manage and it should lock the time to start screen saver

See my com.apple.screensaver.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>CleanExit</key> <string>YES</string> <key>PrefsVersion</key> <integer>100</integer> <key>moduleDict</key> <dict> <key>askForPassword</key> <integer>1</integer> <key>askForPasswordDelay</key> <real>0.0</real> <key>moduleName</key> <string>ApolloGroup</string> <key>path</key> <string>/Library/Screen Savers/ApolloGroup.qtz</string> <key>tokenRemovalAction</key> <integer>0</integer> <key>type</key> <integer>1</integer> </dict>
</dict>
</plist>

justincredible
New Contributor
Forum|Forum|8 years ago
June 7, 2017

You can modify the com.apple.screensaver preference file using a script or a configuration profile (custom settings).

The line below is equivalent to unchecking the box in System Preferences. You can change the integer to your desired time.

defaults write /Users/[username]/Library/Preferences/ByHost/com.apple.screensaver askForPassword -int 0'

dtmille2
Contributor
Forum|Forum|7 years ago
August 2, 2018

I have tried modifying the com.apple.screensaver plist file as described above, but the Macs still have "Require password immediately" checked by default.

Anyone know how to create a configuration file so this box is unchecked?

wesleya
New Contributor
Forum|Forum|7 years ago
August 2, 2018

I know typically it's recommended to keep every payload separate, but on laptops specifically we had issues with the Security & Privacy and Login Window payload. In our case, computers kept getting different login windows, but we resolved it by combining the two payloads into one configuration profile.

It might be worth trying combining these two payloads. I believe this was chalked up to a PI, but I couldn't tell you which one.

dtmille2
Contributor
Forum|Forum|7 years ago
August 2, 2018

Thanks for that suggestion @wesleya. It tried combining them, but that but it didn't resolve the issue.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded