Different payload type for system_settings_screensaver_timeout_enforce

usnistgov / macos_security

macOS Security Compliance Project

Other

1.79k stars 202 forks source link

Different payload type for system_settings_screensaver_timeout_enforce #330

Closed nihil-admirari closed 1 week ago

nihil-admirari commented 11 months ago

system_settings_screensaver_timeout_enforce.yaml uses com.apple.screensaver payload to set idleTime that the documentation for com.apple.screensaver does not mention. idleTime is mentioned instead in the documentation for com.apple.screensaver.user.

Should the payload type be changed?

Also shouldn't os_screensaver_loginwindow_enforce.yaml set the moduleName for com.apple.screensaver.user too?

robertgendler commented 4 months ago

Coming around to this finally, sorry it took so long.

While com.apple.screensaver doesn't mention idleTime it appears to work. The com.apple.screensaver.login requires it to be user channel MDM, which is problematic.

Are you seeing behavior that is unexpected?

nihil-admirari commented 3 months ago

Are you seeing behavior that is unexpected?

No, just found a discrepancy with Apple's documentation.