They are still broken in that they don’t force the screensaver password, but they do cause the checkbox to become unavailable in the Security preferences pane. Go back to Workgroup Manager and edit the preferences (yes, those again, the ones that betrayed us in the beginning…) If you had removed them since they weren’t working, put them back: If this bothers you, we can make one more change to make this checkbox unavailable…
But there’s a cosmetic issue – it appears the user can uncheck the box – but if they quit and re-open System Preferences, they’ll find it rechecked. We’re most of the way there – “Require password” is now selected by default, and is enforced. It will probably be imported as boolean/true, but that won’t work.Īpply this change to a client machine, then check the Security preference pane. Note that for the key “askForPassword”., I’ve changed the type to “integer”, and the value to “1”. Double-click to edit, and make it look like this: You’ll have a new entry in the Details view for (as opposed to ). That’s OK, and in fact, is what we need to make this actually work. You’ll note that the “Import as ByHost preferences” checkbox becomes unselected and greyed out. When importing the preferences from ~/Library/Preferences/ByHost/.plist, choose “Manage imported preferences: Always”. Then use Workgroup Manager to import the preference as in the aforementioned article from Apple. I’ll be filing a bug on that…įirst, set the appropriate preference manually:ĭefaults -currentHost write askForPassword -int 1 It appears that the preferences from the manifest imported via ManagedClient.app do not work as intended. So in effect, I had done precisely the opposite of what I had intended: I had enforced the screensaver to be turned off by default and prevented users from turning it on. How embarrassing: not only was the screensaver not being enforced - the checkbox in the Security preferences pane was greyed out and unavailable. I was happy and confident: I was now managing this the “Apple-supported way”, instead of relying on elaborate hackery.Īnd then a company vice-president asked why the screensaver wasn’t being enforced on his new MacBook Air and why he couldn’t turn it on.Ī little investigation, and he was right. So I set this up, did some minimal testing on my personal laptop, and rolled it out. The manifest leads you to try something like this: In Workgroup Manager, in the Preferences management Details view, if you add /System/Library/CoreServices/ManagedClient.app, you import a bunch of useful preference manifests.
With Leopard, Apple added a Preferences Manifest for the screensaver. Later, I moved to a script that ran at login that used defaults -currentHost write to set the desired preferences at each log in.įor Tiger, Apple documented a way to enforce the screensaver via MCX (Managed Client): you can read the article here. I developed one for 10.1 that I also used for 10.2 and 10.3. There have been plenty of hacks to do so. You’d think something as simple and basic as enforcing a screensaver would be easy. Enforcing a screensaver for security reasons has given me a lot of headaches over the years.
0 kommentar(er)
