Posted on 03-22-2023 09:39 AM
Hello everyone,
I am trying to configure Screen Saver Corners Are Secure -tr-corner ( https://www.tenable.com/audits/items/CIS_Apple_macOS_13.0_Ventura_v1.0.0_L2.audit:d8e594473ad8782541...) and for solution I can create a profile.
But there is mentioned that "the key to include is Forced". Can someone please explain what is this key and how you use it?
Thanks,
Traian
Solved! Go to Solution.
Posted on 03-22-2023 10:38 AM
The simplest answer if you are using Jamf is to add the inner <dict> to a plist and copy it directly to the "Application & Custom Settings" payload in a configuration profile. So for example, if you want to set all the values to 0 you could use the following plist.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</plist>
This would create a profile with the following payload
<key>PayloadContent</key>
<dict>
<key>com.apple.dock</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</dict>
</array>
</dict>
</dict>
Posted on 03-22-2023 10:38 AM
The simplest answer if you are using Jamf is to add the inner <dict> to a plist and copy it directly to the "Application & Custom Settings" payload in a configuration profile. So for example, if you want to set all the values to 0 you could use the following plist.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</plist>
This would create a profile with the following payload
<key>PayloadContent</key>
<dict>
<key>com.apple.dock</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</dict>
</array>
</dict>
</dict>
Posted on 03-22-2023 12:36 PM
Thanks! it worked! but I don't understand something, I know that you can set a preference domain, but I don't understand how it converse
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</plist>
into this.
<key>PayloadContent</key>
<dict>
<key>com.apple.dock</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>wvous-bl-corner</key>
<integer>0</integer>
<key>wvous-br-corner</key>
<integer>0</integer>
<key>wvous-tl-corner</key>
<integer>0</integer>
<key>wvous-tr-corner</key>
<integer>0</integer>
</dict>
</dict>
</array>
</dict>
</dict>
How does it knows how to add:
<key>Forced</key> <array> <dict> <key>mcx_preference_settings</key>
Posted on 03-22-2023 08:00 PM
They way Jamf has implemented the "Application & Custom Settings" payload is using what Apple terms ManagedPreferences in their development documentation for MDM. Basically it's a catch all for allowing the definition of custom preference plists on a device. This can be used to add third party application configurations as well as specifying key value pairs for macOS built in preference plists.
The domain you specify is the preference domain where you want the settings are stored (in this case "com.apple.dock"). This is added as the top level key for the dict under PayloadContent for the "com.apple.ManagedClient.preferences" PayloadType.
The plist copy into the text field is the Jamf UI is the plist as you want it to appear on disk. Jamf discards the top level <plist> tags and wraps the remaining document in the following structure.
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
...
dict of ManagedPreferences goes here
...
</dict>
</array>
When the payload is delivered to the device via MDM, the dict under the "mcx_preference_settings" key is unwrapped and inserted into the preference domain you specified. This adds all new key value pairs and updates any existing ones.
So the short version to how it converts the plist into the profile is that the plist you specify is parsed and copied into the predefined xml structure for ManagedPrefrences. The structure doesn't change, only the preference domain and custom preference key value pairs.
In general, the details for all of this can be found in Apple's developer documentation for MDM. There is an example profile there that I find helpful in getting my mind around the structure. The ManagedPreference payload and the example profile can be found here: https://developer.apple.com/documentation/devicemanagement/managedpreferences
Anyway, that was probably a bit long winded, but I hope it helps.