Setting ScreenSaver to Never

Janothin
New Contributor II

I am having an issue with Jamf having "Start screen saver after" unchecked within a configuration profile, yet after 20 minutes each one of the iMacs run their screensaver. Does anyone have a workaround to changing the screensaver time from 20 minutes to never without me having to apply it individually per workstation?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

This can be done, but you need to use a Custom Settings payload with a plist uploaded.
The trick to getting the screensaver to not kick in at all is to set the idleTime setting in the com.apple.ScreenSaver.plist to 0

You can do that with the following set of commands in Terminal

defaults write ~/Desktop/com.apple.ScreenSaver.plist idleTime -int 0
plutil -convert xml1 ~/Desktop/com.apple.ScreenSaver.plist

Then go into Jamf Pro, create a new Configuration Profile and add a Custom Settings payload. Upload the plist on the Desktop that was created using the above steps and it should look something like this:

0f0e1b9bd528412394673ac6f4ba7594

One key thing about this - It must be set as a User Level Profile. A Computer Level profile won't work in my experience. What this means is that once it's scoped it may not get pushed down to any devices in scope until they either log out/in or an inventory collection is run on them. So if you're scoping it to a test Mac to start with, just run a sudo jamf recon on the Mac and you should see the profile get pushed down into the Profiles preference pane.

Once it's been successfully pushed to any MDM enabled accounts on your Macs, the setting in the Desktop & Screen Saver Pref Pane should look like this:

87fb61b2dde8440f97ce2e7f8117096c

Because its a profile, it does lock out the setting from being changed by anyone as you can see in the above screenshot. Not sure if that was the ultimate intention, but that's how it will work.
Good luck, and post back if you run into any problems.

View solution in original post

5 REPLIES 5

mm2270
Legendary Contributor III

This can be done, but you need to use a Custom Settings payload with a plist uploaded.
The trick to getting the screensaver to not kick in at all is to set the idleTime setting in the com.apple.ScreenSaver.plist to 0

You can do that with the following set of commands in Terminal

defaults write ~/Desktop/com.apple.ScreenSaver.plist idleTime -int 0
plutil -convert xml1 ~/Desktop/com.apple.ScreenSaver.plist

Then go into Jamf Pro, create a new Configuration Profile and add a Custom Settings payload. Upload the plist on the Desktop that was created using the above steps and it should look something like this:

0f0e1b9bd528412394673ac6f4ba7594

One key thing about this - It must be set as a User Level Profile. A Computer Level profile won't work in my experience. What this means is that once it's scoped it may not get pushed down to any devices in scope until they either log out/in or an inventory collection is run on them. So if you're scoping it to a test Mac to start with, just run a sudo jamf recon on the Mac and you should see the profile get pushed down into the Profiles preference pane.

Once it's been successfully pushed to any MDM enabled accounts on your Macs, the setting in the Desktop & Screen Saver Pref Pane should look like this:

87fb61b2dde8440f97ce2e7f8117096c

Because its a profile, it does lock out the setting from being changed by anyone as you can see in the above screenshot. Not sure if that was the ultimate intention, but that's how it will work.
Good luck, and post back if you run into any problems.

ryan_s
New Contributor II

I'm following your guide @mm2270 but I cannot seem to get the profile to push to any endpoints when using "User Level" scoping. As you say Computer Level scoping results in the profile being successfully delivered, but the payload doesn't seem to work. After adjusting to "User Level" I can no longer get the profile to show up on the Mac (multiple recons, multiple reboots, re-managing, etc) -- even scoping it to All Users / All Computers does not seem execute as I'd expect

When you say "...pushed to any MDM enabled accounts" I'm wondering if this is my problem. The computers in-scope for my profile are all kiosks, with local user login (i.e. 502-type account). Would this be my culprit? If yes, is there any way to still force JAMF to push it down anyway?

mm2270
Legendary Contributor III

Hi @ryan.s So, by "any MDM enabled accounts" what I mean is, if you go into a computer record and look in the General tab for a line labeled "MDM Capable Users" That should show a list of one or more user accounts that can receive user level profiles. If your user accounts are all local, be aware that only one local account can be MDM enabled. If they are AD users, then any of them can be. I'm not sure why it works that way, but that's how it is.

If the user you are trying to push the profile to is not listed as MDM enabled, then it will never get the profile pushed to it. It's not a machine certificate, so it works differently.

Hopefully that helps a bit.

mmobin
New Contributor II

Thanks for this, saved me a couple of days of headche. I have 11 M1 mac minis being used as Zoom Rooms, they all had a existing config profile with the login window payload that disables the screen saver. for some reason the config profile was not applying the screen saver part and every 20 mins or so the Screen Saver would start. I applied the above as a new config profile but based it on Device level instead of User level as i dont have any MDM enabled accounts on these machines. and it seems to be working. 

STANDINGROBOT
New Contributor

I can confirm @mmobin this is working for me as well. Having it set to User-Level removes the profile, while Computer-Level adds it back.