Setting "Require Password After Screensaver" via Configurtation Profile

csheridan
New Contributor

Hello all,

I'm attempting to set the "Require Password After Screensaver" to NOT require a password in Yosemite via configuration profile. I have uploaded:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "{field{*fldinst{HYPERLINK "http://www.apple.com/DTDs/PropertyList-1.0.dtd"}}{fldrslt cf4 http://www.apple.com/DTDs/PropertyList-1.0.dtd}}">
<plist version="1.0">
<dict>
<key>askForPassword</key>
<integer>0</integer>
</dict>
</plist>}

as a custom configuration. The JSS seems to read it fine, showing:
external image link

However, none of my enrolled machines show the setting as disabled. The setting itself is unavailable (greyed out), so the computer is reading the config profile (as it also shows under profiles), and I can affect the require password timeframe option by adding:

<key>askForPasswordDelay</key>
<integer>900</integer>

But for the life of me I can't seem to get it to disable the "Require Password" checkbox! Any help would be greatly appreciated. I'd like to avoid using any MCX and stick with Config Profiles only...

1 ACCEPTED SOLUTION

bvrooman
Valued Contributor

It's already a preset within the Configuration Profiles tab; that tends to be much more reliable.

Passcode -> Maximum grace period for device lock -> Set to "--"

View solution in original post

9 REPLIES 9

bvrooman
Valued Contributor

It's already a preset within the Configuration Profiles tab; that tends to be much more reliable.

Passcode -> Maximum grace period for device lock -> Set to "--"

csheridan
New Contributor

Thanks! That worked out. Oddly enough, I think what I did originally worked as well (though just in a more convoluted way). The checkbox appears still checked, but at no point is it requiring a password. Huh...weird one.

matt_jamison
Contributor

Is the Password portion working for you guys? When I push it down to computers, it completely blocks users from being able to change their password. I'm using local accounts. Seems to be something new with 9.62 and Yosemite.

adamcodega
Valued Contributor

Well, on your JSS under Security & Privacy there is also an option to enable called "Allow user to change password"

matt_jamison
Contributor

@adamcodega I realize this but there is also a bug when using Security & Privacy that also stops me from using it. In fact, the 'Allow user to change password" doesn't even work. I've had a defect open on that for a very long time.

All I was asking, is if someone is using the Passcode portion and the local users can change their passwords.

zmbarker
Contributor

@oneloveamaru and @adamcodega, I have ran into similar issues where users cannot change their local account password. I discovered while working with Jamf and Apple, that our issue was caused by putting a check in the Alphanumeric requirement. Once I unchecked the Alphanumeric option, users could change their passwords again.

Unfortunately, I needed to get an approval from our security team to uncheck that requirement until Apple fixes the issue.

blackwoodT
New Contributor

@bvrooman, I have tried this within a config profile and cannot seem to get it to stop prompting for a password, does anyone have any other suggestions. On Yosemite machines.

Here is a screenshot of the profile:
external image link

jstandre
New Contributor III

This didn't fix our issue either. We are still getting the request for a screenlock password in Yosemite.

dferrara
Contributor II

@matt.jamison Hi Matt, what's your defect number if you don't mind sharing?