Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1347
Views
2
Helpful
2
Replies

Screensaver check for Mac OS

Go to solution
Allen P Chen
Level 5
Level 5

‎10-26-2017 03:45 PM

Greetings.

I know password-protected screensaver check for Mac OS is currently not supported as a posture condition, but we are able to do it on Windows using registry keys.  Is there already an enhancement request filed for password-protected screensaver check for Macs (User Story)?

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎10-26-2017 07:51 PM

Not sure what you mean by "not supported".  Just because there is not predefined check, does not mean a custom check is not supported.

Yes, it is possible to use Registry checks to verify that screen saver with password protection is enabled in Windows.  Not sure if still available, but I provided example in original ISE 1.0 Lab Guide with RA VPN along with remediation using a custom registry file.  I think you should be able to accomplish similar with Mac OS. 

I have not tested, but try creating a File Condition checks like the following:

  • Name: ScreenSaver-RequirePassword-Check
  • Operating System: Mac OSX
  • Compliance Module: Any Version
  • File Type: PropertyList
  • File Path: home                            /Library/Preferences/com.apple.screensaver.plist
  • Data Type: Number
  • Property Name: askForPassword
  • Operator: Equals
  • Value: 1

Depending on version, you may need to set the above Data Type to "String" and value to "true". 

I would also expect other parameters like ScreenSaver delay can be set with the askForPasswordDelay property.

Not sure if path would be relative to home in above, or if absolute.  I am assuming it appends to home and not require ~.  If issue finding file, then can try omitting the leading /.

Regarding remediation scripts, there are a number of examples on the web:

https://discussions.apple.com/thread/2649977?tstart=0

https://www.jamf.com/jamf-nation/discussions/9982/require-password-after-sleep-or-screen-saver-begins

Security & Privacy: Require Password... - Jamf Nation

/Craig

View solution in original post

2 Replies 2

Go to solution
Craig Hyps
Level 10
Level 10

‎10-26-2017 07:51 PM

Not sure what you mean by "not supported".  Just because there is not predefined check, does not mean a custom check is not supported.

Yes, it is possible to use Registry checks to verify that screen saver with password protection is enabled in Windows.  Not sure if still available, but I provided example in original ISE 1.0 Lab Guide with RA VPN along with remediation using a custom registry file.  I think you should be able to accomplish similar with Mac OS. 

I have not tested, but try creating a File Condition checks like the following:

  • Name: ScreenSaver-RequirePassword-Check
  • Operating System: Mac OSX
  • Compliance Module: Any Version
  • File Type: PropertyList
  • File Path: home                            /Library/Preferences/com.apple.screensaver.plist
  • Data Type: Number
  • Property Name: askForPassword
  • Operator: Equals
  • Value: 1

Depending on version, you may need to set the above Data Type to "String" and value to "true". 

I would also expect other parameters like ScreenSaver delay can be set with the askForPasswordDelay property.

Not sure if path would be relative to home in above, or if absolute.  I am assuming it appends to home and not require ~.  If issue finding file, then can try omitting the leading /.

Regarding remediation scripts, there are a number of examples on the web:

https://discussions.apple.com/thread/2649977?tstart=0

https://www.jamf.com/jamf-nation/discussions/9982/require-password-after-sleep-or-screen-saver-begins

Security & Privacy: Require Password... - Jamf Nation

/Craig

Go to solution
Allen P Chen
Level 5
Level 5

‎10-27-2017 03:46 PM

Hi Craig,

Thanks for the reply.  I saw it mentioned on old TAC cases that password-protected screensaver wasn't supported on Macs, so I assumed this to be the case.  I took the details above and tested it in my lab.  By keying off of the "askForPassword" string in the com.apple.screensaver.plist, I was able to get it to work.

Thanks again, you da man!

0 Helpful
Customers Also Viewed These Support Documents