We’re launching free support for BYOD Android devices and looking for early feedback. Interested?
Checks that password is required to wake the computer from sleep or screen saver is enabled.
Create or edit a configuration profile with the following information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>Screensaver</string>
<key>PayloadIdentifier</key>
<string>com.apple.screensaver.AB633B1B-EAEF-4AB6-B5F6-DE67193267E9</string>
<key>PayloadType</key>
<string>com.apple.screensaver</string>
<key>PayloadUUID</key>
<string>AB633B1B-EAEF-4AB6-B5F6-DE67193267E9</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>askForPassword</key>
<true/>
<key>askForPasswordDelay</key>
<integer>0</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Require password after screensaver or sleep</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.password_policy</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5A2DC0F2-C5FE-4808-9083-D9879684D7FA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Create or edit the following script and configure it to run when the check fails:
Use the policy below to verify:
SELECT 1 WHERE
EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPassword' AND
(value = 1 OR value = 'true') AND
username = ''
)
AND EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPasswordDelay' AND
value <= 5 AND
username = ''
)
AND NOT EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPassword' AND
(value != 1 AND value != 'true')
)
AND NOT EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPasswordDelay' AND
value > 5
);
PowerShell commands are currently work in progress, contributions welcome.
Bash commands are currently work in progress, contributions welcome.