usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 05:53:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Different payload type for system_settings_screensaver_timeout_enforce #133

New Issue
Closed
opened 2026-01-19 18:29:21 +00:00 by michael · 2 comments
michael commented 2026-01-19 18:29:21 +00:00
Owner
Copy Link

Originally created by @nihil-admirari on GitHub.

Originally assigned to: @brodjieski on GitHub.

system_settings_screensaver_timeout_enforce.yaml uses com.apple.screensaver payload to set idleTime that the documentation for com.apple.screensaver does not mention. idleTime is mentioned instead in the documentation for com.apple.screensaver.user.

Should the payload type be changed?

Also shouldn't os_screensaver_loginwindow_enforce.yaml set the moduleName for com.apple.screensaver.user too?

Originally created by @nihil-admirari on GitHub. Originally assigned to: @brodjieski on GitHub. [`system_settings_screensaver_timeout_enforce.yaml`](https://github.com/usnistgov/macos_security/blob/sonoma/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml) uses `com.apple.screensaver` payload to set `idleTime` that the [documentation](https://developer.apple.com/documentation/devicemanagement/screensaver) for `com.apple.screensaver` does not mention. `idleTime` is mentioned instead in the [documentation](https://developer.apple.com/documentation/devicemanagement/screensaveruser) for `com.apple.screensaver.user`. Should the payload type be changed? Also shouldn't [`os_screensaver_loginwindow_enforce.yaml`](https://github.com/usnistgov/macos_security/blob/sonoma/rules/os/os_screensaver_loginwindow_enforce.yaml) set the moduleName for `com.apple.screensaver.user` too?
michael commented 2026-01-19 18:29:21 +00:00
Author
Owner
Copy Link

@nihil-admirari commented on GitHub:

Are you seeing behavior that is unexpected?

No, just found a discrepancy with Apple's documentation.

@nihil-admirari commented on GitHub: > Are you seeing behavior that is unexpected? No, just found a discrepancy with Apple's documentation.
michael commented 2026-01-19 18:29:21 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

Coming around to this finally, sorry it took so long.

While com.apple.screensaver doesn't mention idleTime it appears to work. The com.apple.screensaver.login requires it to be user channel MDM, which is problematic.

Are you seeing behavior that is unexpected?

@robertgendler commented on GitHub: Coming around to this finally, sorry it took so long. While `com.apple.screensaver` doesn't mention `idleTime` it appears to work. The `com.apple.screensaver.login` requires it to be user channel MDM, which is problematic. Are you seeing behavior that is unexpected?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#133
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?