Enforcing Screensaver Settings in an Enterprise Environment

Part of client management is often protecting your users from exposure caused by themselves. As such, I went on a journey (more like a tour) to identify what I could do and as I walked, it occurred to me that I needed to ensure the screensaver settings I had set in place were always in place.

While Casper has a way to push out those settings via MCX, I still needed to ensure accuracy.

Screen Shot 2015-02-11 at 2.13.33 AM
For that, I turned to scripting; writing a simple shell script that checks for the necessary values and report back.
There are two scripts, one as an attribute and the other as a policy; both are available on my github.

In Casper, create an attribute called Screensaver Settings and load Screensaver_status.sh

Screen Shot 2015-02-11 at 2.19.28 AM

The script will check if Automatic checks and system data files and security updates are enabled (You need the former enabled in order to set the latter.)
The result will be displayed as an attribute result: Secure if all checks out and Insecure if any fails.
Screen Shot 2015-02-11 at 2.27.12 AM

Now that we have an attribute, let’s setup a Smart Group to trim the herd.
Set the smart group criteria as Screensaver Settings is not Secure

Screen Shot 2015-02-11 at 2.32.44 AM

Now, we need to set a policy to rectify the findings of the smart group using Screensaver_lock.sh

We set the Trigger as Recurring so it can run at every checking if needed and the frequency as ongoing so that it can always grab an offender.
I have also setup an inventory update to ensure that the smart group is updated often.
Screen Shot 2015-02-11 at 2.40.50 AM

And with that I can ensure the screensaver settings I desired are always in session.

Screen Shot 2015-02-11 at 2.48.30 AM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s