Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

CIS Benchmark: Secure Keyboard Enabled with Custom .plist File

JAMF Nation,

Like many others I am tasked with CIS Benchmark deployment.

I need to enable Secure Keyboard in It can be done via script but the user can de-select the option after the script runs, allowing their current session to be disabled and thus not enforcing the benchmark how we need it enforced.

A .plist file pushed via Configuration Profile would be the best way to enforce the setting.

In a test I have pushed a .plist file with the Secure Keyboard "key" set to "True" and it works but it also sets every default option in the Terminal so none of it can be changed.

My question: How can I push a .plist file via config profile that ONLY forces the Secure Keyboard key to "true"?

Like Comment
Order by:
SOLVED Posted: by boberito

If you upload a Custom Setting plist into a configuration profile with

It should do it? And that should also ONLY set that setting, nothing else.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
SOLVED Posted: by Taylor.Armstrong

Have you taken a look at Jamf's CIS scripts yet?

Not exactly what you're asking, but if you're implementing CIS and don't know about them, you should.

SOLVED Posted: by clegger06

@boberito ,

AWESOME Username!

I copied the xml script you posted, put it in a text document and attempted to upload to the JSS.

JAMF Pro says to convert it to xml1 with, < /usr/bin/plutil -convert xml1 /path/to/file.plist >. When running the command to convert the file I get the following error in terminal, < Property List error: Unexpected character { at line 1 / JSON error: No string key for value in object around character 1. >

Now, to troubleshoot, I have opened the current terminal .plist and it appears to have the same "Line 1". I also tried to lookup "JSON" errors on Google and that is complicated. I appreciate any help.

SOLVED Posted: by clegger06

@Taylor.Armstrong ,

Thank you for that link. I will take a look at that. I also found the Github from @franton. This information helps a ton with this process! Thank you all.

SOLVED Posted: by boberito

@clegger06 I think you pasted it into a Rich Text Document, the default for Text Edit.

Create a plain text document in TextEdit, not a Rich Text Document. Create a new document and pull down from format and do Make Plain Text. Then paste that in. Save it as

Upload as a Custom setting.

SOLVED Posted: by clegger06

@boberito ,

I am grateful. You have taught me something here today. I appreciate your solving this problem for me. I implemented the .plist and it is exactly what we need. Cheers to you sir!