Hi all -
We have an entire computer lab with MacBook Pros. They are all set to auto login to a generic account for elementary students to use. Everything works fine, but when the screensaver comes on or the laptop goes to sleep it is set to lock immediately. We need to go and uncheck all of them from automatically locking, but students can go back and change them.
Is there any way to disable this setting from Security & Privacy from being checked or unchecked with a configuration profile or a script? We want the screensaver to come on, but we don't want them to lock the students out.
I have been searching everywhere for a solution and can't seem to find anything.
Sounds like hiding and/or disabling the System Preference Pane for Security might be what you are looking for and MCXToProfile;
Set MCXToProfile to manage and it should lock the time to start screen saver
See my com.apple.screensaver.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<dict> <key>CleanExit</key> <string>YES</string> <key>PrefsVersion</key> <integer>100</integer> <key>moduleDict</key> <dict> <key>askForPassword</key> <integer>1</integer> <key>askForPasswordDelay</key> <real>0.0</real> <key>moduleName</key> <string>ApolloGroup</string> <key>path</key> <string>/Library/Screen Savers/ApolloGroup.qtz</string> <key>tokenRemovalAction</key> <integer>0</integer> <key>type</key> <integer>1</integer> </dict>
You can modify the com.apple.screensaver preference file using a script or a configuration profile (custom settings).
The line below is equivalent to unchecking the box in System Preferences. You can change the integer to your desired time.
defaults write /Users/[username]/Library/Preferences/ByHost/com.apple.screensaver askForPassword -int 0'
I know typically it's recommended to keep every payload separate, but on laptops specifically we had issues with the Security & Privacy and Login Window payload. In our case, computers kept getting different login windows, but we resolved it by combining the two payloads into one configuration profile.
It might be worth trying combining these two payloads. I believe this was chalked up to a PI, but I couldn't tell you which one.