Like many others I am tasked with CIS Benchmark deployment.
I need to enable Secure Keyboard in Terminal.app. It can be done via script but the user can de-select the option after the script runs, allowing their current session to be disabled and thus not enforcing the benchmark how we need it enforced.
A .plist file pushed via Configuration Profile would be the best way to enforce the setting.
In a test I have pushed a .plist file with the Secure Keyboard "key" set to "True" and it works but it also sets every default option in the Terminal so none of it can be changed.
My question: How can I push a .plist file via config profile that ONLY forces the Secure Keyboard key to "true"?