2.3.3 Audit Lock Screen and Start Screen Saver Tools

Information

In 10.13 Apple added a 'Lock Screen' option to the Apple Menu. Prior to this the best quick lock options were to use either a lock screen option with the screen saver or the lock screen option from Keychain Access if status was made available in the menu bar. With 10.13 the menu bar option is no longer available. The intent of this control is to resemble control-alt-delete on Windows Systems as a means of quickly locking the screen. If the user of the system is stepping away from the computer the best practice is to lock the screen and setting a hot corner is an appropriate method.

Rationale:

Ensuring the user has a quick method to lock their screen may reduce the opportunity for individuals in close physical proximity of the device to see screen contents.

Solution

Perform the following to set a Hot Corner to either Start Screen Saver or Put Display to Sleep:
Graphical Method:

Open System Preferences

Select Desktop & Screen Saver

Select Screen Saver

Select Hot Corners... and turn on either/both Start Screen Saver or Put Display to Sleep

Terminal Method:
For all users, run the following commands to set Start Screen Saver or Put Display to Sleep as a Hot Corner:

$ sudo -u <username> /usr/bin/defaults read com.apple.dock <corner> -int <5 or 10>

example:

$ sudo -u seconduser /usr/bin/defaults write com.apple.dock wvous-tl-corner -int 10

$ sudo -u seconduser /usr/bin/defaults read com.apple.dock wvous-tl-corner

10

$ sudo -u seconduser /usr/bin/defaults write com.apple.dock wvous-bl-corner -int 5

$ sudo -u seconduser /usr/bin/defaults read com.apple.dock wvous-bl-corner

10




Profile Method:

Create or edit a configuration profile with the PayLoadType of com.apple.dock

Add the key Forced

Set the key to the following (based on the corner(s) that your organization has selected):

<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>wvous-bl-corner</key>
<integer><5 or 10></integer>
<key>wvous-br-corner</key>
<integer><5 or 10></integer>
<key>wvous-tl-corner</key>
<integer><5 or 10></integer>
<key>wvous-tr-corner</key>
<integer><5 or 10></integer>
</dict>
</dict>
</array>

See Also

https://workbench.cisecurity.org/files/3569