Security & Privacy - Require Password after sleep or screen saver begins

New Contributor II

Hi all -
We have an entire computer lab with MacBook Pros. They are all set to auto login to a generic account for elementary students to use. Everything works fine, but when the screensaver comes on or the laptop goes to sleep it is set to lock immediately. We need to go and uncheck all of them from automatically locking, but students can go back and change them.

Is there any way to disable this setting from Security & Privacy from being checked or unchecked with a configuration profile or a script? We want the screensaver to come on, but we don't want them to lock the students out.

I have been searching everywhere for a solution and can't seem to find anything.



Contributor II

If you go to Configuration Profiles in the JSS under the Security & Privacy section you can set Require password to unchecked and see if that works

New Contributor II

Cornoir, I did that and it didn't force any changes. You were still able to check/uncheck that box and adjust it to whatever time you want.

Contributor II

Sounds like hiding and/or disabling the System Preference Pane for Security might be what you are looking for and MCXToProfile;

Set MCXToProfile to manage and it should lock the time to start screen saver

See my

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<dict> <key>CleanExit</key> <string>YES</string> <key>PrefsVersion</key> <integer>100</integer> <key>moduleDict</key> <dict> <key>askForPassword</key> <integer>1</integer> <key>askForPasswordDelay</key> <real>0.0</real> <key>moduleName</key> <string>ApolloGroup</string> <key>path</key> <string>/Library/Screen Savers/ApolloGroup.qtz</string> <key>tokenRemovalAction</key> <integer>0</integer> <key>type</key> <integer>1</integer> </dict>

New Contributor II

You can modify the preference file using a script or a configuration profile (custom settings).

The line below is equivalent to unchecking the box in System Preferences. You can change the integer to your desired time.

defaults write /Users/[username]/Library/Preferences/ByHost/ askForPassword -int 0'

Contributor II

I have tried modifying the plist file as described above, but the Macs still have "Require password immediately" checked by default.

Anyone know how to create a configuration file so this box is unchecked?



I know typically it's recommended to keep every payload separate, but on laptops specifically we had issues with the Security & Privacy and Login Window payload. In our case, computers kept getting different login windows, but we resolved it by combining the two payloads into one configuration profile.

It might be worth trying combining these two payloads. I believe this was chalked up to a PI, but I couldn't tell you which one.

Contributor II

Thanks for that suggestion @wesleya. It tried combining them, but that but it didn't resolve the issue.