https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605794#M520378 <HTML><HEAD></HEAD><BODY><P>Hi Craig,</P><P></P><P>Thanks for the reply.&nbsp; I saw it mentioned on old TAC cases that password-protected screensaver wasn't supported on Macs, so I assumed this to be the case.&nbsp; I took the details above and tested it in my lab.&nbsp; By keying off of the "askForPassword" string in the com.apple.screensaver.plist, I was able to get it to work.</P><P></P><P>Thanks again, you da man!</P></BODY></HTML> Fri, 27 Oct 2017 22:46:23 GMT Allen P Chen 2017-10-27T22:46:23Z https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605792#M520376 <HTML><HEAD></HEAD><BODY><P>Greetings.</P><P></P><P>I know password-protected screensaver check for Mac OS is currently not supported as a posture condition, but we are able to do it on Windows using registry keys.&nbsp; Is there already an enhancement request filed for password-protected screensaver check for Macs (User Story)?</P><P></P><P>Thanks in advance.</P></BODY></HTML> Thu, 26 Oct 2017 22:45:22 GMT https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605792#M520376 Allen P Chen 2017-10-26T22:45:22Z https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605793#M520377 <HTML><HEAD></HEAD><BODY><P>Not sure what you mean by "not supported".&nbsp; Just because there is not predefined check, does not mean a custom check is not supported.</P><P></P><P>Yes, it is possible to use Registry checks to verify that screen saver with password protection is enabled in Windows.&nbsp; Not sure if still available, but I provided example in original ISE 1.0 Lab Guide with RA VPN along with remediation using a custom registry file.&nbsp; I think you should be able to accomplish similar with Mac OS.&nbsp; </P><P></P><P>I have not tested, but try creating a File Condition checks like the following:</P><UL><LI>Name:<STRONG> ScreenSaver-RequirePassword-Check</STRONG></LI><LI>Operating System: <STRONG>Mac OSX</STRONG></LI><LI>Compliance Module: <STRONG>Any Version</STRONG></LI><LI>File Type:<STRONG> PropertyList</STRONG></LI><LI>File Path: <STRONG>home</STRONG>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG> /Library/Preferences/com.apple.screensaver.plist</STRONG></LI><LI>Data Type: <STRONG>Number</STRONG></LI><LI>Property Name: <STRONG>askForPassword</STRONG></LI><LI>Operator: <STRONG>Equals</STRONG></LI><LI>Value: <STRONG>1</STRONG></LI></UL><P></P><P>Depending on version, you may need to set the above Data Type to "String" and value to "true".&nbsp; </P><P>I would also expect other parameters like ScreenSaver delay can be set with the askForPasswordDelay property.</P><P></P><P>Not sure if path would be relative to home in above, or if absolute.&nbsp; I am assuming it appends to home and not require ~.&nbsp; If issue finding file, then can try omitting the leading /.</P><P></P><P>Regarding remediation scripts, there are a number of examples on the web:</P><P><A href="https://discussions.apple.com/thread/2649977?tstart=0" title="https://discussions.apple.com/thread/2649977?tstart=0">https://discussions.apple.com/thread/2649977?tstart=0</A></P><P><A href="https://www.jamf.com/jamf-nation/discussions/9982/require-password-after-sleep-or-screen-saver-begins" title="https://www.jamf.com/jamf-nation/discussions/9982/require-password-after-sleep-or-screen-saver-begins">https://www.jamf.com/jamf-nation/discussions/9982/require-password-after-sleep-or-screen-saver-begins</A></P><P><A href="https://www.jamf.com/jamf-nation/discussions/15223/security-privacy-require-password" title="https://www.jamf.com/jamf-nation/discussions/15223/security-privacy-require-password">Security &amp; Privacy: Require Password... - Jamf Nation</A></P><P></P><P>/Craig</P></BODY></HTML> Fri, 27 Oct 2017 02:51:03 GMT https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605793#M520377 Craig Hyps 2017-10-27T02:51:03Z https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605794#M520378 <HTML><HEAD></HEAD><BODY><P>Hi Craig,</P><P></P><P>Thanks for the reply.&nbsp; I saw it mentioned on old TAC cases that password-protected screensaver wasn't supported on Macs, so I assumed this to be the case.&nbsp; I took the details above and tested it in my lab.&nbsp; By keying off of the "askForPassword" string in the com.apple.screensaver.plist, I was able to get it to work.</P><P></P><P>Thanks again, you da man!</P></BODY></HTML> Fri, 27 Oct 2017 22:46:23 GMT https://community.cisco.com/t5/network-access-control/screensaver-check-for-mac-os/m-p/3605794#M520378 Allen P Chen 2017-10-27T22:46:23Z