Archive
Suppressing undesired local account password policy notifications on macOS Sonoma
As part of the release of macOS Sonoma 14.0.0, there is a bug which may be triggered if you have deployed a configuration profile which sets password rules for local accounts. An example profile is shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>PayloadDisplayName</key> | |
| <string>Passcode</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.mobiledevice.passwordpolicy.3BCA8E01-3CB9-4D6B-8338-518C51B80AAF</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.mobiledevice.passwordpolicy</string> | |
| <key>PayloadUUID</key> | |
| <string>F0B7EB5D-5DF1-4DDC-8A80-01CA458E6157</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>allowSimple</key> | |
| <false/> | |
| <key>forcePIN</key> | |
| <true/> | |
| <key>maxFailedAttempts</key> | |
| <integer>10</integer> | |
| <key>minLength</key> | |
| <integer>15</integer> | |
| <key>minutesUntilFailedLoginReset</key> | |
| <integer>15</integer> | |
| <key>requireAlphanumeric</key> | |
| <true/> | |
| </dict> | |
| </array> | |
| <key>PayloadDescription</key> | |
| <string>Sets password rules for local accounts on this Mac.</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Local Account Password Rules</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.9EF1E03A-5DEB-4D1F-9E14-D76AFF153C35</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>40829036-5EAF-42C9-9678-D27F0C28654B</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
In those cases, you may see one or the other following notifications when you log into macOS Sonoma for the first time.
These notifications don’t actually indicate a problem and clicking on them does nothing but make the messages disappear. However, for shops which are using profiles which set local account password rules, these messages will almost certainly cause tickets asking “What is this and what does it mean?” from your user community.
I have filed feedback with Apple regarding this issue. For those wishing to reference it, it is Feedback # FB12845634.
For the initial release of Sonoma, the best solution identified so far is to suppress the notifications for local password management, to make sure that these notifications don’t appear until Apple releases an update to macOS Sonoma which addresses this problem. To assist with this, I have an example profile available from the link below:
https://github.com/rtrouton/profiles/tree/main/DisableAppleLocalUserAccountPasswordNotifications
Note: The example profile linked above will suppress all local account password policy notifications. If you are using local account password policy notifications for other purposes, this solution may not work for you.
The component in macOS which generates the local account password notifications also exists on macOS Ventura, so you should be able to deploy a profile like the one linked above to macOS Ventura. This should ensure that Macs upgrading to macOS Sonoma also have these notifications suppressed from the start on macOS Sonoma 14.0.0.
Managing the “Click wallpaper to reveal desktop” setting in macOS Sonoma
Every so often, something gets added to macOS and enabled by default where I wish it was off by default. In macOS Sonoma, that’s the new Click wallpaper to reveal desktop option, which works like this by default.
- Click on an empty spot on the desktop.
- Watch your open windows disappear off-screen.
Apple does include a one-time message which explains the behavior, but if you click away from the message it won’t re-appear when you click again on an empty spot on the desktop.
This behavior is managed in System Settings: Desktop & Dock and is listed as the Click wallpaper to reveal desktop setting. This has two settings:
- Always
- Only in Stage Manager
The default behavior is Always. To stop making your windows disappear whenever you click on the desktop, select Only in Stage Manager.
Fortunately for my preferences, I was able to figure out that the Click wallpaper to reveal desktop behavior was controlled via the following setting:
- Domain: com.apple.WindowManager
- Key: EnableStandardClickToShowDesktop
- Value: Boolean
To set the Click wallpaper to reveal desktop setting to Always, run the following command as the logged-in user:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /usr/bin/defaults write com.apple.WindowManager EnableStandardClickToShowDesktop -bool true |
To set the Click wallpaper to reveal desktop setting to Only in Stage Manager, run the following command as the logged-in user:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /usr/bin/defaults write com.apple.WindowManager EnableStandardClickToShowDesktop -bool false |
In my case, I wanted this setting permanently set to Only in Stage Manager so I’ve also written a profile which can enforce this. It’s available via the link below:
https://github.com/rtrouton/profiles/blob/main/ManageClickWallpaperToShowDesktopItems
Slides from the “Installer Package Scripting” session at Jamf Nation User Conference 2023
For those who wanted a copy of my installer package scripting talk at Jamf Nation User Conference 2023, here are links to the slides in PDF and Keynote format.
- PDF – https://tinyurl.com/JNUC2023PDF
- Keynote – https://tinyurl.com/JNUC2023Keynote
Starting a sole proprietorship business to get a DUNS number for Apple Business Manager
One of the requirements for getting an Apple Business Manager (ABM) instance (which also provides Automated Device Enrollment and Volume Purchase Program access) is a Data Universal Numbering System (DUNS) number, which are issued to businesses by Dun & Bradstreet (D&B). This is usually seen as an obstacle for the individual Mac admin who wants to set up an ABM instance, but it doesn’t need to be for the following reasons:
- Setting up a business does not need to cost anything in terms of money.
- Getting a DUNS number does not need to cost anything in terms of money.
- Getting an ABM instance does not cost anything in terms of money.
All three will take time and some effort, and your time always has a money value, but overall you shouldn’t get charged for anything.
Note: What I’m about to discuss applies solely to states which are part of the United States of America. If you are outside the United States, please check your own nation’s laws as what I’m about to discuss may have zero applicability to you. For more details, please see below the jump.
Der Flounder 
Recent Comments