Setting Screensaver Timeout for All users on a system including new users

brad
Contributor

Hi all,

I was having trouble finding a solid solution/script to set the screensaver timeout universally. This is the script I came up with to make it happen. Let me know if you have any feedback. And, of course, this comes with out warranty and don't hold it against me if your machine blows up but I have tested it with 10.5-10.7. Hope it helps someone out there.

#!/bin/sh
######################################################################################
# Sets Screen Saver Timeout for all users to passed variable from Casper.
# Brad Schmidt February 28, 2012
#################################################


# List the preference files for existing Users
preffiles=`ls /Users/*/Library/Preferences/ByHost/com.apple.screens* | grep -v lockfile | rev | cut -c7-1000 | rev`


# Modify each preference file and reset permissions back to original owner
for item in $preffiles ; do defaults write $item idleTime $4; chown `echo $item | cut -f3 -d '/'` $item".plist" ; done

# Copy complete preference files to the User Template - disttech is a user that is on all of our machines, change it to suit your environment 
cp /Users/disttech/Library/Preferences/ByHost/com.apple.screensaver* /System/Library/User Template/English.lproj/Library/Preferences/ByHost/

# Set Permissions on those preference files in User Template
chown root:wheel /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver*
chmod 700 /System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver*

exit 0

Thanks!

Brad

6 REPLIES 6

dhowell
Contributor

I used this one using a applescript, I like yours better, more granular

global screenSaverOn

tell application "System Events" tell security preferences set require password to wake to true end tell
end tell

golbiga
Contributor III
Contributor III

Why not just use MCX? That is what I do and it works great. 10.5-10.7

Allen

acdesigntech
Contributor II

I agree with golbiga, MCX is a much better way to go for setting a screensaver for this one...

Using Casper, you have to set 3 managed preferences for this: askForPassword, askForPasswordDelay, and idleTime. At my company we have them set to the following: askForPassword type integer value 1, askForPasswordDelay type real value 0.0, and idleTime type integer value 1200. Each one is set to be enforced at the user level at every login (always in WGM).

Once these preferences are set, you make a managed preference profile that includes these three prefs, then apply it to whichever computer groups you'd like to apply it to. Works like a charm.

Technically you don't have to set the askForPassword or askForPasswordDelay options, but you do if you'd like to lock desktops - security policy here...

brad
Contributor

Unfortunately MCX isn't an option on our network. Some sites use their own WGM server so we can't enable MCX on Casper as they conflict.

bentoms
Release Candidate Programs Tester

Hi Brad, I used to use the following: http://macmule.com/2010/11/18/setting-10-5-10-6s-screen-saver-via-policy/

Guys using MCX, are you stopping people from accessing the Desktops/Screen Savers pane too?

We knocked up the above script as we couldn't block people from that pref pane but wanted to enforce a timed lock.

acdesigntech
Contributor II

I am not blocking the desktop/screen saver pref pane. Users can change those settings all they want, but if they try to disable the screen saver or security settings, they just get pushed again on the next login.