Part of client management is often protecting your users from exposure caused by themselves. As such, I went on a journey (more like a tour) to identify what I could do and as I walked, it occurred to me that I needed to ensure the screensaver settings I had set in place were always in place.
While Casper has a way to push out those settings via MCX, I still needed to ensure accuracy.
For that, I turned to scripting, writing a simple shell script that checks for the necessary values and reports back.
There are two scripts, one used as an attribute and the other in a policy; both are available on my GitHub.
In Casper, create an attribute called Screensaver Settings and load Screensaver_status.sh.
The script will check if Automatic checks and system data files and security updates are enabled. (You need the former enabled in order to set the latter.)
The result will be displayed as an attribute result: Secure if everything checks out and Insecure if any check fails.
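A sketch of how a Secure/Insecure attribute for the screensaver lock can be written; this is an added example, not the Screensaver_status.sh from the author's GitHub. It assumes the settings are readable with `defaults` from the console user's `com.apple.screensaver` domain (`idleTime`, `askForPassword`, `askForPasswordDelay`), and the two thresholds are assumed values. Casper reads the attribute value from the `<result>` tags printed on stdout.

```shell
#!/bin/sh
# Added example: Casper extension attribute reporting screensaver lock state.
# Thresholds are assumptions, not values from the original post.
MAX_IDLE=600   # assumed: screensaver must start within 10 minutes
MAX_DELAY=5    # assumed: password must be required within 5 seconds

# is_uint VALUE -> succeeds only for a non-empty string of digits
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# evaluate_screensaver IDLE ASK DELAY -> prints Secure or Insecure.
# A missing or non-numeric value (key never set) counts as Insecure.
evaluate_screensaver() {
    idle="$1"; ask="$2"; delay="$3"
    is_uint "$idle" && is_uint "$ask" && is_uint "$delay" || { echo "Insecure"; return; }
    # idleTime 0 means the screensaver never starts
    if [ "$idle" -eq 0 ] || [ "$idle" -gt "$MAX_IDLE" ]; then echo "Insecure"; return; fi
    # askForPassword must be 1 for the screensaver to lock the session
    if [ "$ask" -ne 1 ]; then echo "Insecure"; return; fi
    # a long grace period leaves the session open after the screensaver starts
    if [ "$delay" -gt "$MAX_DELAY" ]; then echo "Insecure"; return; fi
    echo "Secure"
}

# read_pref USER KEY [-currentHost] -> prints the value, or nothing if unset
read_pref() {
    sudo -u "$1" defaults $3 read com.apple.screensaver "$2" 2>/dev/null
}

# Only query the system where `defaults` exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then
    # Attributes run as root, so read the logged-in user's preferences.
    console_user=$(stat -f%Su /dev/console)
    cur_idle=$(read_pref "$console_user" idleTime -currentHost)
    cur_ask=$(read_pref "$console_user" askForPassword)
    cur_delay=$(read_pref "$console_user" askForPasswordDelay)
    echo "<result>$(evaluate_screensaver "$cur_idle" "$cur_ask" "$cur_delay")</result>"
fi
```

Treating unset keys as Insecure means a machine that never received the settings lands in the remediation group rather than being skipped.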
Now that we have an attribute, let’s set up a Smart Group to trim the herd.
Set the smart group criteria as Screensaver Settings is not Secure.
Now, we need to set a policy to rectify the findings of the smart group using Screensaver_lock.sh.
We set the Trigger as Recurring so it can run at every check-in if needed, and the frequency as Ongoing so that it can always grab an offender.
I have also set up an inventory update to ensure that the smart group is updated often.
And with that I can ensure the screensaver settings I desired are always in session.