AirWatch: Deploy custom MCX profiles
In order to deploy custom MCX profiles, I will use the excellent mcxToProfile tool by Tim Sutton. Get it here -> https://github.com/timsutton/mcxToProfile
My goal here is to change the delay before the password is asked for to "Immediately".
0. Install mcxToProfile. I use git as I find it easier to update, but you can also download it directly from the GitHub page. You might need to make the Python script executable (see below).
    $ git clone https://github.com/timsutton/mcxToProfile.git
    $ chmod +x ./mcxToProfile/mcxToProfile.py
- Make the change on your Mac (here, I go to System Preferences > Security & Confidentiality > General and change the setting to "Immediately").
- Now, find the defaults domain. This is almost an art, and I won't cover it here. In this case, it is com.apple.screensaver.
- Launch mcxToProfile to create the .mobileconfig:
    $ ./mcxToProfile/mcxToProfile.py --defaults com.apple.screensaver --identifier org.maclovin.screensaver
    $ cat org.maclovin.screensaver.mobileconfig
    <plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadContent</key>
                <dict>
                    <key>com.apple.screensaver</key>
                    <dict>
                        <key>Forced</key>
                        <array>
                            <dict>
                                <key>mcx_preference_settings</key>
                                <dict>
                                    <key>askForPassword</key>
                                    <integer>1</integer>
                                    <key>askForPasswordDelay</key>
                                    <real>60</real>
                                    <key>tokenRemovalAction</key>
                                    <integer>0</integer>
                                </dict>
                            </dict>
                        </array>
                    </dict>
                </dict>
                <key>PayloadEnabled</key>
                <true/>
                <key>PayloadIdentifier</key>
                <string>MCXToProfile.f4859170-42b5-467f-a249-220c689103ec.alacarte.customsettings.3fad436d-d335-4d08-849e-3feda8397631</string>
                <key>PayloadType</key>
                <string>com.apple.ManagedClient.preferences</string>
                <key>PayloadUUID</key>
                <string>3fad436d-d335-4d08-849e-3feda8397631</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
            </dict>
        </array>
        <key>PayloadDescription</key>
        <string>Included custom settings: com.apple.screensaver Git revision: a14a19d7f0</string>
        <key>PayloadDisplayName</key>
        <string>MCXToProfile: com.apple.screensaver</string>
        <key>PayloadIdentifier</key>
        <string>org.maclovin.screensaver</string>
        <key>PayloadOrganization</key>
        <string></string>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>f4859170-42b5-467f-a249-220c689103ec</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
    </plist>
You can double-click this file to install it manually (or use $ open org.maclovin.screensaver.mobileconfig). Restart System Preferences to see this setting in the GUI (Security & Confidentiality > General). Then remove this profile; we'll move on to AirWatch.
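A check worth running on the exported .mobileconfig before it goes into AirWatch, as an added example (not part of the original post or of mcxToProfile): it reads the forced com.apple.screensaver settings with Python's plistlib and reports whether the lock delay matches the intent. It assumes "Immediately" is stored as askForPasswordDelay 0 (seconds); the sample profile is constructed from the layout shown above, and the function names are hypothetical.

```python
import plistlib

# Constructed sample: trimmed copy of the profile layout shown on this page.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
  <key>PayloadContent</key><dict>
    <key>com.apple.screensaver</key><dict>
      <key>Forced</key><array><dict>
        <key>mcx_preference_settings</key><dict>
          <key>askForPassword</key><integer>1</integer>
          <key>askForPasswordDelay</key><real>60</real>
        </dict>
      </dict></array>
    </dict>
  </dict>
  <key>PayloadType</key><string>com.apple.ManagedClient.preferences</string>
</dict></array>
<key>PayloadType</key><string>Configuration</string>
</dict></plist>"""

def forced_settings(profile_bytes, domain="com.apple.screensaver"):
    """Merge every Forced mcx_preference_settings dict found for `domain`."""
    merged = {}
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.ManagedClient.preferences":
            continue  # only custom-settings (MCX) payloads are inspected
        domains = payload.get("PayloadContent", {})
        for entry in domains.get(domain, {}).get("Forced", []):
            merged.update(entry.get("mcx_preference_settings", {}))
    return merged

def check_lock_policy(profile_bytes, max_delay=0):
    """Return a list of problems; an empty list means the policy is as intended."""
    settings = forced_settings(profile_bytes)
    problems = []
    if settings.get("askForPassword") != 1:
        problems.append("askForPassword is not forced to 1")
    delay = settings.get("askForPasswordDelay")
    if delay is None:
        problems.append("askForPasswordDelay is not managed")
    elif delay > max_delay:  # assumption: 0 seconds means "Immediately"
        problems.append(f"askForPasswordDelay is {delay:g}s, expected <= {max_delay}s")
    return problems

if __name__ == "__main__":
    for line in check_lock_policy(SAMPLE) or ["lock policy OK"]:
        print(line)
```

Run against the sample, it reports a 60-second delay; if your own export shows the same, re-export the profile after the preference has actually been changed.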
Now you need to import this into AirWatch:
- Go to the console
- Go to Devices > Profiles > List view
- Add > Add Profile
- Apple Mac OS X > Device Profile
- Fill in the General information
Go to Custom settings and paste only the relevant portion:
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>com.apple.screensaver</key>
            <dict>
                <key>Forced</key>
                <array>
                    <dict>
                        <key>mcx_preference_settings</key>
                        <dict>
                            <key>askForPassword</key>
                            <integer>1</integer>
                            <key>askForPasswordDelay</key>
                            <real>60</real>
                            <key>tokenRemovalAction</key>
                            <integer>0</integer>
                        </dict>
                    </dict>
                </array>
            </dict>
        </dict>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadIdentifier</key>
        <string>MCXToProfile.f4859170-42b5-467f-a249-220c689103ec.alacarte.customsettings.3fad436d-d335-4d08-849e-3feda8397631</string>
        <key>PayloadType</key>
        <string>com.apple.ManagedClient.preferences</string>
        <key>PayloadUUID</key>
        <string>3fad436d-d335-4d08-849e-3feda8397631</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
Now it should be working fine.