Security & Privacy: Require Password...

msample
Contributor II

Would like to run a policy or script that will engage the tab selection and change it from 5 minutes to "immediately" but not seeing where to control that when creating a config profile. Looking for a script to switch this feature. Any ideas?


MAD0oM
Contributor

@msample you can do something like this:

#!/bin/sh

# turn it on
defaults write com.apple.screensaver askForPassword -bool true
# set the delay in seconds, 0 = immediate (-int stores a number, not a string)
defaults write com.apple.screensaver askForPasswordDelay -int 0
# set the screen saver delay in seconds, 900 = 15 minutes
defaults -currentHost write com.apple.screensaver idleTime -int 900

You can run it as a policy on login or you can get deeper and have a LaunchAgent. Let me know if this helps.

msample
Contributor II

@MAD0oM Thanks, S.C.

I'll run it in a test and monitor the results. Thanks for the tip, the delay at 0 should do it.

ZachB
New Contributor

This is what I have done which greys out the option to change the time or to uncheck it.
Create a configuration profile with a custom setting, upload the com.apple.screensaver.plist file with the following settings.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>askForPassword</key>
    <integer>1</integer>
    <key>askForPasswordDelay</key>
    <real>5</real>
    <key>tokenRemovalAction</key>
    <integer>0</integer>
</dict>
</plist>

If you get an error when you attempt to upload the plist file make sure you convert it to an xml1 first by running the command

plutil -convert xml1 some_file.plist

Edit: in my plist above, the askForPassword setting is in seconds, so this plist would give the user 5 seconds before asking for a password.
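A way to check a com.apple.screensaver plist before uploading it, as an added example that is not from any poster in this thread: it parses the file and reports whether the password prompt is on and whether the delay is within policy, tolerating boolean, integer, real, or string values. The function names and the 0-second threshold are assumptions; the second sample plist is constructed.

```python
import plistlib

MAX_DELAY_SECONDS = 0  # assumed policy: password required "immediately"

# The plist ZachB posted above (DOCTYPE line omitted for brevity).
THREAD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>askForPassword</key><integer>1</integer>
<key>askForPasswordDelay</key><real>5</real>
<key>tokenRemovalAction</key><integer>0</integer>
</dict></plist>"""

# Constructed sample: values stored as strings, prompt switched off.
CONSTRUCTED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>askForPassword</key><string>0</string>
<key>askForPasswordDelay</key><string>0</string>
</dict></plist>"""


def as_number(value):
    """Normalise a plist value (bool, integer, real, numeric string)."""
    if isinstance(value, bool):
        return int(value)
    if isinstance(value, (int, float)):
        return value
    try:
        return float(value)
    except (TypeError, ValueError):
        return None  # missing key or non-numeric value


def audit_screensaver_plist(data, max_delay=MAX_DELAY_SECONDS):
    """Return a list of findings; an empty list means compliant."""
    prefs = plistlib.loads(data)
    findings = []
    ask = as_number(prefs.get("askForPassword"))
    if ask is None:
        findings.append("askForPassword is missing or not numeric")
    elif ask != 1:
        findings.append("askForPassword is off")
    delay = as_number(prefs.get("askForPasswordDelay"))
    if delay is None:
        findings.append("askForPasswordDelay is missing or not numeric")
    elif delay > max_delay:
        findings.append(f"askForPasswordDelay is {delay:g}s, limit is {max_delay:g}s")
    return findings
```

Run against the plist from the post, `audit_screensaver_plist(THREAD_PLIST)` flags the 5-second delay; passing `max_delay=5` accepts it.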

msample
Contributor II

@ Zach Thanks, Zack. Pretty cool, I could use the lockdown piece... haven't had a chance to test the first piece but this is steering things in the right direction.

lee_smith
Contributor

Hey @ZachB, @MAD0oM and @msample

What if I wanted to set the checkbox to be unchecked?

-also-

@ZachB I am a noobie, where do I begin in making the above plist?

Thank you all in advance!

ZachB
New Contributor

What I sometimes do to find out which plist to use for the setting I want is to run Composer and do a snapshot, make the change, and compare the snapshots. This will identify the plist. Then you can browse to the plist in Finder with "show preview" enabled in Finder, then you can see the changes made to the plist instantly while you make them. Then, once your changes are set, take that plist and make a copy of it to a different location, then run the plutil command above so JSS will recognize it. To use the plist to hard set the settings, open JSS and create a new configuration profile, select the "Custom Settings" option and upload the plist. Global plists kept in /Library/Preferences/ should be hard set when using this method. I have had issues with changes not taking when trying to apply this method to plists in ~/Library/.

hdsst3
New Contributor

The script does not work after a different user logs in.

The changes don't stick.

Therefore one can guess it is a user preference.

So the default user template needs to be modified.

spotter
New Contributor III

Here are the steps I took to ensure any user will have to enter a password "Immediately" after screen saver starts.

Password (CP)

Security & Privacy (CP)