cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

macOS "password not required for screen saver, auto login is enbled"

Conversationalist

macOS "password not required for screen saver, auto login is enbled"

I recently pushed out the agent to a number of macOS systems. By doing this the profile & settings has now overridden the lock on screensaver local setting. Anyone know how to resolve this through the profile & setting configuration? It also is list under reasons for the client not being compliant i.e "password not required for screen saver". Same issue with "auto login is enabled", list at reason client is not compliant. I have gone through all the docs, googled search, nothing. I am stuck now are how to resolve using the profile & settings config.

7 REPLIES 7
Building a reputation

Re: macOS "password not required for screen saver, auto login is enbled"

Hi!

 

It would be helpful to know which profiles are currently pushed to your devices, as just installing the agent on it's own wouldn't configure/adjust any system settings.

 

At my org I'm using a combination of the pre-built template wizard Meraki provides, and I upload custom profiles using Apple's Profile Manager to enforce more advanced settings. Under Meraki's Passcode section, there is a drop down menu for "Auto-Lock" and the default value is set to "never."

 

 Screen Shot 2018-03-08 at 2.00.20 PM.png

Screen Shot 2018-03-08 at 1.54.37 PM.png

Conversationalist

Re: macOS "password not required for screen saver, auto login is enbled"

I have not deployed the agent as of yet. I have 2 profiles installed on each macOS laptop. The Default Meraki profile and a Custom profile that I created to enforce the company security policy for laptop settings. The custom profile is the one that has the passcode configuration enabled. I currently have Auto-Lock set at 5min. I have a policy setup to audit for the Screen Saver being set at 5 mins. The report says the all the devices are non-compliant because there is no password required for screen saver. 😕

Kind of a big deal

Re: macOS "password not required for screen saver, auto login is enbled"

You could upload your custom profile to Dashboard and have SM push that to devices for you. That should ensure the settings you want remain set and you can push the SM agent as well. 

MRCUR | CMNO #12
Building a reputation

Re: macOS "password not required for screen saver, auto login is enbled"

here are some screenshot examples of the settings available in Apple's Profile manager that can be exported and then uploaded to Meraki:

 

Screen Shot 2018-03-08 at 2.05.58 PM.pngScreen Shot 2018-03-08 at 2.06.28 PM.png

Conversationalist

Re: macOS "password not required for screen saver, auto login is enbled"

This is interesting, we are not using Apple's Profile manager. I will have to look into that. So, I am thinking that means I have to visit each machine to disable auto-login. 

Building a reputation

Re: macOS "password not required for screen saver, auto login is enbled"

I think we may be running into a distinction Apple makes between the screen saver and auto lock settings. "Auto lock" is set for inactivity vs triggered by screensaver activation. Here's some examples:

 

Auto lock 5 minutes, screensaver 5 minutes: If there is no user activity for 5 minutes the screensaver activates. Then after an additional 5 minutes a password is required to get past the screensaver.

 

Auto lock immediately, screensaver 5 minutes: If there is no user activity for 5 minutes the screensaver activates. If a user moves the cursor after the screensaver appears they are immediately prompted for a password.

 

 

Building a reputation

Re: macOS "password not required for screen saver, auto login is enbled"

Also... in terms of the "auto login enabled" flag you may want to check your client machines under System Preferences/Users & Groups/Login Options. There is a drop down menu at the top that should be set to "off" for Automatic login.

 

In Apple Profile Manager there's an option to disable that feature and export a profile (seen in a screenshot from an earlier post).

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels