askForPassword key unenforceable in 10.13.1 under certain conditions
| Originator: | clburlison | ||
| Number: | rdar://35967089 | Date Originated: | 11-Dec-2017 09:24 AM |
| Status: | Open | Resolved: | |
| Product: | iOS + SDK | Product Version: | |
| Classification: | Security | Reproducible: | Always |
Summary: This is a duplicate of radar #35462422 Installing a configuration profile to enforce com.apple.screensaver has no effect if the user already unchecked the Require Password setting. Steps to Reproduce: 1) Start with a brand new Mac with macOS 10.13.1/clean install 2) As a user, open the Security tab of System Preferences and uncheck "Require Password". 3) Install the attached configuration profile to enforce com.apple.screensaver with the key ``` askForPassword ``` I've tested this step using the following methods a) manual install as a user b) with MDM as a device level profile c) using the sudo profiles -IF /path/to/profile.mobileconfig all methods are able to reproduce the issue if the user has changed the setting manually before the profile was installed. Expected Results: I expect the profile to be installed and for the Require Password checkbox to be green. I also expect the user to be prompted for a password after the screen saver comes up. Actual Results: The profile is installed. The enforced policy appears to be ineffective as the user is never prompted for the password. Before a reboot, a user is able to click/unclick the Require Password checkbox even though the profile exists. Rebooting does not cause the preference to take effect, but it grays out the checkbox as unchecked (attached screenshot) Version/Build: 10.13.1/17B48 Version: Notes:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!