2.7.1 Ensure Screen Saver Corners Are Secure - tr-corner

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Hot Corners can be configured to disable the screen saver by moving the mouse cursor to a corner of the screen.

Rationale:

Setting a hot corner to disable the screen saver poses a potential security risk since an unauthorized person could use this to bypass the login screen and gain access to the system.

Solution

Graphical Method:
Perform the following steps to disable a Hot Corner set to Disable Screen Saver:

Open System Settings

Select Desktop & Dock

Select 'Hot Corners...

Set any corners set to Disable Screen Saver to any other selection to meets your organization's parameters

Select Done

Terminal Method:
Run the following command to turn off Disable Screen Saver for a Hot Corner:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write com.apple.dock <corner that is set to '6'> -int 0

example:

$ /usr/bin/sudo -u seconduser /usr/bin/defaults write com.apple.dock wvous-tl-corner -int 0

$ /usr/bin/sudo -u seconduser /usr/bin/defaults read com.apple.dock wvous-tl-corner

0

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.dock

The key to include is Forced

The key must be set to the following:

<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>wvous-bl-corner</key>
<integer><!=6></integer>
<key>wvous-br-corner</key>
<integer><!=6></integer>
<key>wvous-tl-corner</key>
<integer><!=6></integer>
<key>wvous-tr-corner</key>
<integer><!=6></integer>
</dict>
</dict>
</array>

See Also

https://workbench.cisecurity.org/files/4159