Security & Privacy - Require Password after sleep or screen saver begins

manouka
New Contributor II

Hi all -
We have an entire computer lab with MacBook Pros. They are all set to auto login to a generic account for elementary students to use. Everything works fine, but when the screensaver comes on or the laptop goes to sleep it is set to lock immediately. We need to go and uncheck all of them from automatically locking, but students can go back and change them.

Is there any way to disable this setting from Security & Privacy from being checked or unchecked with a configuration profile or a script? We want the screensaver to come on, but we don't want them to lock the students out.

I have been searching everywhere for a solution and can't seem to find anything.

Thanks!!

7 REPLIES 7

Cornoir
Contributor II

If you go to Configuration Profiles in the JSS under the Security & Privacy section you can set Require password to unchecked and see if that works

manouka
New Contributor II

Cornoir, I did that and it didn't force any changes. You were still able to check/uncheck that box and adjust it to whatever time you want.

Cornoir
Contributor II

Sounds like hiding and/or disabling the System Preference Pane for Security might be what you are looking for and MCXToProfile;
https://www.jamf.com/jamf-nation/discussions/22701/hide-system-preferences

https://github.com/timsutton/mcxToProfile

Set MCXToProfile to manage and it should lock the time to start screen saver

See my com.apple.screensaver.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>CleanExit</key> <string>YES</string> <key>PrefsVersion</key> <integer>100</integer> <key>moduleDict</key> <dict> <key>askForPassword</key> <integer>1</integer> <key>askForPasswordDelay</key> <real>0.0</real> <key>moduleName</key> <string>ApolloGroup</string> <key>path</key> <string>/Library/Screen Savers/ApolloGroup.qtz</string> <key>tokenRemovalAction</key> <integer>0</integer> <key>type</key> <integer>1</integer> </dict>
</dict>
</plist>

justincredible
New Contributor II

You can modify the com.apple.screensaver preference file using a script or a configuration profile (custom settings).

The line below is equivalent to unchecking the box in System Preferences. You can change the integer to your desired time.

defaults write /Users/[username]/Library/Preferences/ByHost/com.apple.screensaver askForPassword -int 0'

dtmille2
Contributor II

I have tried modifying the com.apple.screensaver plist file as described above, but the Macs still have "Require password immediately" checked by default.

Anyone know how to create a configuration file so this box is unchecked?

241466e609134babb71e6cd144abcf3e
9f60fe94a1f0456dacf802dbc5868b51
d0621841120e43c9a538d7482d992430

wesleya
Contributor

I know typically it's recommended to keep every payload separate, but on laptops specifically we had issues with the Security & Privacy and Login Window payload. In our case, computers kept getting different login windows, but we resolved it by combining the two payloads into one configuration profile.

It might be worth trying combining these two payloads. I believe this was chalked up to a PI, but I couldn't tell you which one.

dtmille2
Contributor II

Thanks for that suggestion @wesleya. It tried combining them, but that but it didn't resolve the issue.