From 2e43ac4f7a3e1487bb20dd62e7e93a3cbc39787a Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 18 Jun 2025 13:09:20 -0500 Subject: [PATCH] Website: Update configuration builder (#30102) Related to: #28489 Changes: - Updated the available payloads in the configuration builder - Updated the configuration builder schema to include categories and subcategories --- .../js/pages/configuration-builder.page.js | 929 ++++++++++++------ .../styles/pages/configuration-builder.less | 172 ++-- website/views/pages/configuration-builder.ejs | 102 +- 3 files changed, 705 insertions(+), 498 deletions(-) diff --git a/website/assets/js/pages/configuration-builder.page.js b/website/assets/js/pages/configuration-builder.page.js index 5262250036..dde44479c1 100644 --- a/website/assets/js/pages/configuration-builder.page.js +++ b/website/assets/js/pages/configuration-builder.page.js @@ -62,333 +62,609 @@ parasails.registerPage('configuration-builder', { profileFilename: undefined, profileDescription: undefined, // mac OS payloads. - macOSPayloads: [ + macosCategoriesAndPayloads: [ { - name: 'Require device password', - uniqueSlug: 'macos-enable-force-pin', - tooltip: 'Require a password to unlock the device', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'boolean', - trueValue: 0, - falseValue: 1 - }, - formOutput: {// For the compiler - settingFormat: 'boolean',// Used to generate a configuration profile - settingKey: 'forcePIN',// Used to generate a configuration profile - trueValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - falseValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - }, - }, - { - name: 'Allow simple password', - uniqueSlug: 'macos-enable-allow-simple-pin', - tooltip: 'If false, the system prevents use of a simple passcode. A simple passcode contains repeated characters, or increasing or decreasing characters, such as 123 or CBA.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'boolean', - trueValue: 0, - falseValue: 1 - }, - formOutput: {// For the compiler - settingFormat: 'boolean',// Used to generate a configuration profile - settingKey: 'allowSimple',// Used to generate a configuration profile - trueValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - falseValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - }, - }, - { - name: 'Max inactivity time before device locks', - uniqueSlug: 'macos-max-inactivity', - tooltip: 'The maximum number of minutes for which the device can be idle without the user unlocking it, before the system locks it.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 4, - minValue: 0, - maxValue: 60, - unitLabel: 'minutes' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'maxInactivity',// Used to generate a configuration profile - }, - }, - { - name: 'Minimum password length', - uniqueSlug: 'macos-min-length', - tooltip: 'The minimum overall length of the passcode.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 0, - minValue: 0, - maxValue: 16, - unitLabel: 'characters' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'minLength',// Used to generate a configuration profile - }, - }, - { - name: 'Require alphanumeric password', - uniqueSlug: 'macos-require-alphanumeric-password', - tooltip: 'If true, the system requires alphabetic characters instead of only numeric characters.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'boolean', - trueValue: 0, - falseValue: 1 - }, - formOutput: {// For the compiler - settingFormat: 'boolean',// Used to generate a configuration profile - settingKey: 'requireAlphanumeric',// Used to generate a configuration profile - trueValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - falseValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - }, - }, - { - name: 'Change passcode at next login', - uniqueSlug: 'macos-change-at-next-auth', - tooltip: 'If true, the system causes a password reset to occur the next time the user tries to authenticate.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'boolean', - trueValue: 0, - falseValue: 1 - }, - formOutput: {// For the compiler - settingFormat: 'boolean',// Used to generate a configuration profile - settingKey: 'changeAtNextAuth',// Used to generate a configuration profile - trueValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - falseValue: '',// (type=boolean only) Used to keep track of what values the boolean input represents. - }, - }, - { - name: 'Maximum number of failed attempts', - uniqueSlug: 'macos-max-failed-attempts', - tooltip: 'The number of allowed failed attempts to enter the passcode at the device’s lock screen. After four failed attempts, the system imposes a time delay before a passcode can be entered again. When this number is exceeded in macOS, the system locks the device.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 11, - minValue: 2, - maxValue: 11, - unitLabel: 'attempts' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'maxFailedAttempts',// Used to generate a configuration profile - }, - }, - { - name: 'Max grace period', - uniqueSlug: 'macos-max-grace-period', - tooltip: 'The maximum grace period, in minutes, to unlock the device without entering a passcode. The default is 0, which is no grace period and requires a passcode immediately.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 0, - minValue: 0, - maxValue: 999, - unitLabel: 'minutes' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'maxGracePeriod',// Used to generate a configuration profile - }, - }, - { - name: 'Max passcode age', - uniqueSlug: 'macos-max-pin-age', - tooltip: 'The number of days for which the passcode can remain unchanged. After this number of days, the system forces the user to change the passcode before it unlocks the device.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 0, - minValue: 0, - maxValue: 999, - unitLabel: 'days' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'maxPINAgeInDays',// Used to generate a configuration profile - }, - }, - { - name: 'Minimum complex characters', - uniqueSlug: 'macos-min-complex-characters', - tooltip: 'The minimum number of complex characters that a passcode needs to contain. A complex character is a character other than a number or a letter, such as &, %, $, and #.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 0, - minValue: 0, - maxValue: 4, - unitLabel: 'characters' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'minComplexChars',// Used to generate a configuration profile - }, - }, - { - name: 'Minutes until failed login reset', - uniqueSlug: 'macos-minutes-until-failed-login-reset', - tooltip: 'The number of minutes before the system resets the login after the maximum number of unsuccessful login attempts is reached.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - defaultValue: 0, - minValue: 0, - maxValue: 4, - unitLabel: 'minutes' - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'minutesUntilFailedLoginReset',// Used to generate a configuration profile - }, - }, - { - name: 'Passcode history', - uniqueSlug: 'macos-passcode-history', - tooltip: 'This value defines N, where the new passcode must be unique within the last N entries in the passcode history.', - category: 'Device lock', - payload: 'Passcode', - payloadType: 'com.apple.mobiledevice.passwordpolicy', - formInput: { - type: 'number', - minValue: 1, - maxValue: 50, - }, - formOutput: {// For the compiler - settingFormat: 'integer',// Used to generate a configuration profile - settingKey: 'pinHistory',// Used to generate a configuration profile - }, + categoryName: 'Privacy & security', + categorySlug: 'macos-privacy-and-security', + subcategories: [ + { + subcategoryName: 'Device lock', + subcategorySlug: 'macos-device-lock', + description: 'Settings related to screen lock and passwords.', + learnMoreLinkUrl: 'https://developer.apple.com/documentation/devicemanagement/passcode', + payloads: [ + { + name: 'Require device password', + uniqueSlug: 'macos-enable-force-pin', + tooltip: 'Require a password to unlock the device', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'boolean', + trueValue: 0, + falseValue: 1 + }, + formOutput: { + settingFormat: 'boolean', + settingKey: 'forcePIN', + trueValue: '', + falseValue: '', + }, + }, + { + name: 'Allow simple password', + uniqueSlug: 'macos-enable-allow-simple-pin', + tooltip: 'If false, the system prevents use of a simple passcode. A simple passcode contains repeated characters, or increasing or decreasing characters, such as 123 or CBA.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'boolean', + trueValue: 0, + falseValue: 1 + }, + formOutput: { + settingFormat: 'boolean', + settingKey: 'allowSimple', + trueValue: '', + falseValue: '', + }, + }, + { + name: 'Max inactivity time before device locks', + uniqueSlug: 'macos-max-inactivity', + tooltip: 'The maximum number of minutes for which the device can be idle without the user unlocking it, before the system locks it.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 4, + minValue: 0, + maxValue: 60, + unitLabel: 'minutes' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'maxInactivity', + }, + }, + { + name: 'Minimum password length', + uniqueSlug: 'macos-min-length', + tooltip: 'The minimum overall length of the passcode.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 16, + unitLabel: 'characters' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'minLength', + }, + }, + { + name: 'Require alphanumeric password', + uniqueSlug: 'macos-require-alphanumeric-password', + tooltip: 'If true, the system requires alphabetic characters instead of only numeric characters.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'boolean', + trueValue: 0, + falseValue: 1 + }, + formOutput: { + settingFormat: 'boolean', + settingKey: 'requireAlphanumeric', + trueValue: '', + falseValue: '', + }, + }, + { + name: 'Change passcode at next login', + uniqueSlug: 'macos-change-at-next-auth', + tooltip: 'If true, the system causes a password reset to occur the next time the user tries to authenticate.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'boolean', + trueValue: 0, + falseValue: 1 + }, + formOutput: { + settingFormat: 'boolean', + settingKey: 'changeAtNextAuth', + trueValue: '', + falseValue: '', + }, + }, + { + name: 'Maximum number of failed attempts', + uniqueSlug: 'macos-max-failed-attempts', + tooltip: 'The number of allowed failed attempts to enter the passcode at the device’s lock screen. After four failed attempts, the system imposes a time delay before a passcode can be entered again. When this number is exceeded in macOS, the system locks the device.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 11, + minValue: 2, + maxValue: 11, + unitLabel: 'attempts' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'maxFailedAttempts', + }, + }, + { + name: 'Max grace period', + uniqueSlug: 'macos-max-grace-period', + tooltip: 'The maximum grace period, in minutes, to unlock the device without entering a passcode. The default is 0, which is no grace period and requires a passcode immediately.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 999, + unitLabel: 'minutes' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'maxGracePeriod', + }, + }, + { + name: 'Max passcode age', + uniqueSlug: 'macos-max-pin-age', + tooltip: 'The number of days for which the passcode can remain unchanged. After this number of days, the system forces the user to change the passcode before it unlocks the device.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 999, + unitLabel: 'days' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'maxPINAgeInDays', + }, + }, + { + name: 'Minimum complex characters', + uniqueSlug: 'macos-min-complex-characters', + tooltip: 'The minimum number of complex characters that a passcode needs to contain. A complex character is a character other than a number or a letter, such as &, %, $, and #.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 4, + unitLabel: 'characters' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'minComplexChars', + }, + }, + { + name: 'Minutes until failed login reset', + uniqueSlug: 'macos-minutes-until-failed-login-reset', + tooltip: 'The number of minutes before the system resets the login after the maximum number of unsuccessful login attempts is reached.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 4, + unitLabel: 'minutes' + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'minutesUntilFailedLoginReset', + }, + }, + { + name: 'Passcode history', + uniqueSlug: 'macos-passcode-history', + tooltip: 'This value defines N, where the new passcode must be unique within the last N entries in the passcode history.', + category: 'Device lock', + payload: 'Passcode', + payloadType: 'com.apple.mobiledevice.passwordpolicy', + formInput: { + type: 'number', + minValue: 1, + maxValue: 50, + }, + formOutput: { + settingFormat: 'integer', + settingKey: 'pinHistory', + }, + }, + ], + } + ] }, ], // windows payloads - windowsPayloads: [ + windowsCategoriesAndPayloads: [ { - name: 'Enable device password', - uniqueSlug: 'windows-device-lock-enable-device-lock', - tooltip: 'Require a password to unlock the device', - category: 'Device lock', - supportedAccessTypes: ['add', 'replace'], - formInput: { - type: 'boolean', - }, - formOutput: {// For the compiler - settingFormat: 'int',// Used to generate a configuration profile - settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled',// Used to generate a configuration profile - trueValue: 0,// (type=boolean only) Used to keep track of what values the boolean input represents. - falseValue: 1,// (type=boolean only) Used to keep track of what values the boolean input represents. - }, - }, - { - name: 'Max inactivity time before device locks', - uniqueSlug: 'windows-device-lock-max-inactivity-before-device-locks', - category: 'Device lock', - tooltip: 'The number of seconds a device can remain inactive before a password is required to unlock the device.', - supportedAccessTypes: ['add', 'replace'], - alsoAutoSetWhenSelected: [ + categoryName: 'Privacy & security', + categorySlug: 'windows-privacy-and-security', + subcategories: [ { - dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', - dependingOnSettingValue: true, + subcategoryName: 'Device lock', + subcategorySlug: 'windows-device-lock', + description: 'Settings related to screen lock and passwords.', + learnMoreLinkUrl: 'https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock', + payloads: [ + { + name: 'Enable device password', + uniqueSlug: 'windows-device-lock-enable-device-lock', + tooltip: 'Require a password to unlock the device', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'boolean', + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled', + trueValue: 0, + falseValue: 1, + }, + }, + { + name: 'Device password expiration', + uniqueSlug: 'windows-device-lock-device-password-expiration', + tooltip: 'Specifies when the password expires (in days).', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + maxValue: 730, + minValue: 1, + unitLabel: 'days' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordExpiration', + }, + }, + { + name: 'Device password history', + uniqueSlug: 'windows-device-lock-device-password-history', + tooltip: `Specifies how many passwords can be stored in the history that can't be used. \n The value includes the user's current password. This value denotes that with a setting of 1, the user can't reuse their current password when choosing a new password, while a setting of 5 means that a user can't set their new password to their current password or any of their previous four passwords.`, + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + maxValue: 50, + minValue: 0, + unitLabel: 'passwords' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordHistory', + }, + }, + { + name: 'Max inactivity time before device locks', + uniqueSlug: 'windows-device-lock-max-inactivity-before-device-locks', + category: 'Device lock', + tooltip: 'The number of seconds a device can remain inactive before a password is required to unlock the device.', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + maxValue: 9000, + minValue: 1, + unitLabel: 'seconds' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock', + }, + }, + { + name: 'Max inactivity time before device locks with external display', + uniqueSlug: 'windows-device-lock-max-inactivity-before-device-locks-with-external-display', + category: 'Device lock', + tooltip: 'The number of seconds a device can remain inactive while using an external monitor before a password is required to unlock the device.', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + maxValue: 9000, + minValue: 1, + unitLabel: 'seconds' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay', + }, + }, + { + name: 'Require alphanumeric device password', + uniqueSlug: 'windows-device-lock-require-alphanumeric-device-password', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'radio', + options: [ + { + name: 'Password or alphanumeric PIN required', + value: 0 + }, + { + name: 'Password or Numeric PIN required', + value: 1 + }, + { + name: 'Password, Numeric PIN, or alphanumeric PIN required', + value: 2, + } + ] + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/AlphanumericDevicePasswordRequired', + }, + }, + { + name: 'Max failed attempts', + tooltip: 'The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.', + uniqueSlug: 'windows-device-lock-max-failed-attempts', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + defaultValue: 0, + minValue: 0, + maxValue: 999, + unitLabel: 'attempts' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxDevicePasswordFailedAttempts', + }, + }, + { + name: 'Max password age', + tooltip: `Determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0.`, + uniqueSlug: 'windows-device-lock-max-password-age', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'number', + defaultValue: 42, + minValue: 0, + maxValue: 999, + unitLabel: 'days' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MaximumPasswordAge', + }, + }, + { + name: 'Min password age', + tooltip: `Determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective.`, + uniqueSlug: 'windows-device-lock-min-password-age', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'number', + defaultValue: 1, + minValue: 0, + maxValue: 998, + unitLabel: 'days' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordAge', + }, + }, + { + name: 'Min password length', + tooltip: 'The minimum number of characters a device\'s password must be', + uniqueSlug: 'windows-device-lock-min-password-length', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'number', + defaultValue: 4, + minValue: 4, + maxValue: 16, + unitLabel: 'characters' + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength', + }, + }, + { + name: 'Min number of types of complex characters in device password', + tooltip: `The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.`, + uniqueSlug: 'windows-device-min-types-of-complex-characters', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + }, + { + dependingOnSettingSlug: 'windows-device-lock-require-alphanumeric-device-password', + dependingOnSettingValue: 0, + } + ], + formInput: { + type: 'radio', + options: [ + { + name: 'Digits only', + value: 1 + }, + { + name: 'Digits and lowercase letters are required.', + value: 2 + }, + { + name: 'Digits lowercase letters and uppercase letters are required.', + value: 3, + }, + { + name: 'Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop.', + value: 4, + } + ] + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordComplexCharacters', + }, + }, + { + name: 'Allow simple device password', + tooltip: `Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.`, + uniqueSlug: 'windows-device-lock-allow-simple-device-password', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + alsoAutoSetWhenSelected: [ + { + dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', + dependingOnSettingValue: true, + } + ], + formInput: { + type: 'boolean', + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/AllowSimpleDevicePassword', + trueValue: 1, + falseValue: 0, + }, + }, + { + name: 'Clear text password', + tooltip: `This security setting determines whether the operating system stores passwords using reversible encryption. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.`, + uniqueSlug: 'windows-device-lock-clear-text-password', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'boolean', + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/AllowSimpleDevicePassword', + trueValue: 1, + falseValue: 0, + }, + }, + { + name: 'Prevent enabling lock screen camera', + tooltip: `Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.`, + uniqueSlug: 'windows-device-lock-disable-screen-camera', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'boolean', + }, + formOutput: { + settingFormat: 'chr', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/AllowSimpleDevicePassword', + trueValue: ']]>', + falseValue: ']]>', + }, + }, + { + name: 'Password must meet complexity requirements', + tooltip: `If this policy is enabled, passwords must meet the following minimum requirements: + - Not contain the user's account name or parts of the user's full name that exceed two consecutive characters + - Be at least six characters in length + - Contain characters from three of the following four categories: + - English uppercase characters (A through Z) + - English lowercase characters (a through z) + - Base 10 digits (0 through 9) + - Non-alphabetic characters (for example, !, $, #, %)`, + uniqueSlug: 'windows-device-lock-password-complexity', + category: 'Device lock', + supportedAccessTypes: ['add', 'replace'], + formInput: { + type: 'boolean', + }, + formOutput: { + settingFormat: 'int', + settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/PasswordComplexity', + trueValue: 0, + falseValue: 1, + }, + }, + ], } - ], - formInput: { - type: 'number', - maxValue: 9000, - minValue: 1, - unitLabel: 'seconds' - }, - formOutput: {// For the compiler - settingFormat: 'int',// Used to generate a configuration profile - settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled',// Used to generate a configuration profile - }, + ] }, - { - name: 'Require alphanumeric device password', - uniqueSlug: 'windows-device-lock-require-alphanumeric-device-password', - category: 'Device lock', - supportedAccessTypes: ['add', 'replace'], - alsoAutoSetWhenSelected: [ - { - dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', - dependingOnSettingValue: true, - } - ], - formInput: { - type: 'radio', - options: [ - { - name: 'Password or alphanumeric PIN required', - value: '1' - }, - { - name: 'Password or Numeric PIN required', - value: '2' - }, - { - name: 'Password, Numeric PIN, or alphanumeric PIN required', - value: '3', - } - ] - }, - formOutput: {// For the compiler - settingFormat: 'int',// Used to generate a configuration profile - settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/AlphanumericDevicePasswordRequired',// Used to generate a configuration profile - }, - }, - { - name: 'Min password length', - toolTip: 'The minimum number of characters a device\'s password must be', - uniqueSlug: 'windows-device-lock-min-password-length', - category: 'Device lock', - supportedAccessTypes: ['add', 'replace'], - alsoAutoSetWhenSelected: [ - { - dependingOnSettingSlug: 'windows-device-lock-enable-device-lock', - dependingOnSettingValue: true, - } - ], - formInput: { - type: 'number', - defaultValue: 4, - minValue: 4, - maxValue: 16, - unitLabel: 'characters' - }, - formOutput: {// For the compiler - settingFormat: 'int',// Used to generate a configuration profile - settingTarget: './Device/Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength',// Used to generate a configuration profile - }, - } - ] + ], }, // ╦ ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦ ╔═╗ @@ -602,17 +878,16 @@ parasails.registerPage('configuration-builder', { }, clickSelectPayload: async function(payloadSlug) { if(!this.selectedPayloadSettings[payloadSlug]){ - let payloadsToUse; - if(this.selectedPlatform === 'windows'){ - payloadsToUse = this.windowsPayloads; - } else if(this.selectedPlatform === 'macos') { - payloadsToUse = this.macOSPayloads; - } - let selectedPayload = _.find(payloadsToUse, {uniqueSlug: payloadSlug}) || {}; + // if(this.selectedPlatform === 'windows'){ + // payloadsToUse = this.windowsCategoriesAndPayloads; + // } else if(this.selectedPlatform === 'macos') { + // payloadsToUse = this.macosCategoriesAndPayloads; + // } + let selectedPayload = _.find(this.selectedPayloadCategory.payloads, {uniqueSlug: payloadSlug}) || {}; if(selectedPayload.alsoAutoSetWhenSelected) { for(let autoSelectedPayload of selectedPayload.alsoAutoSetWhenSelected ) { let payloadToAddSlug = autoSelectedPayload.dependingOnSettingSlug; - let payloadToAdd = _.find(payloadsToUse, {uniqueSlug: payloadToAddSlug}); + let payloadToAdd = _.find(this.selectedPayloadCategory.payloads, {uniqueSlug: payloadToAddSlug}); this.selectedPayloads.push(payloadToAdd); this.$set(this.configurationBuilderFormData, payloadToAddSlug+'-value', autoSelectedPayload.dependingOnSettingValue); this.autoSelectedPayloadSettings[payloadToAddSlug] = true; diff --git a/website/assets/styles/pages/configuration-builder.less b/website/assets/styles/pages/configuration-builder.less index 9d7271039a..423e310a26 100644 --- a/website/assets/styles/pages/configuration-builder.less +++ b/website/assets/styles/pages/configuration-builder.less @@ -2,35 +2,35 @@ h2 { - color: var(--Fleet-Black-100, #192147); + color: #192147; + - /* Title S (FKA h4) */ font-family: Inter; font-size: 20px; font-style: normal; font-weight: 800; - line-height: 24px; /* 120% */ + line-height: 24px; margin-bottom: 10px; } h3 { - color: var(--text-text-brand, #192147); + color: #192147; + - /* Title M (FKA h3) */ font-family: Inter; font-size: 24px; font-style: normal; font-weight: 800; - line-height: 28.8px; /* 120% */ + line-height: 28.8px; } p { - color: var(--text-text-primary, #515774); + color: #515774; + - /* Body SM (FKA Card text) */ font-family: Inter; font-size: 14px; font-style: normal; font-weight: 400; - line-height: 150%; /* 142.857% */ + line-height: 150%; } [purpose='page-header'] {// Note: this overrides the header styles in layout.less. max-width: 100%; @@ -102,9 +102,9 @@ padding: 48px; display: flex; flex-direction: column; - border-radius: var(--spacing-2, 16px); - border: 1px solid var(--border-border-primary, #E2E4EA); - background: var(--surface-surface-primary, #FFF); + border-radius: 16px; + border: 1px solid #E2E4EA; + background: #FFF; box-shadow: 0px 0px 0px 2px rgba(25, 33, 71, 0.05); align-items: flex-start; position: absolute; @@ -115,14 +115,14 @@ [purpose='platform-button'] { display: flex; height: 120px; - padding: var(--spacing-spacing-sm, 16px) var(--spacing-spacing-xl, 64px); + padding: 16px 64px; flex-direction: column; justify-content: center; align-items: center; flex: 1 0 0; - border-radius: var(--spacing-spacing-xs, 8px); - border: 1px solid var(--border-border-primary, #E2E4EA); - background: var(--surface-surface-primary, #FFF); + border-radius: 8px; + border: 1px solid #E2E4EA; + background: #FFF; max-width: 163.5px; margin-bottom: 32px; margin-top: 32px; @@ -134,10 +134,10 @@ margin-bottom: 8px; } &:hover { - border: 1px solid var(--surface-surface-brand, #192147); + border: 1px solid #192147; } &.selected { - border: 1px solid var(--surface-surface-brand, #192147); + border: 1px solid #192147; } &.is-invalid { color: #FF5C83; @@ -279,11 +279,11 @@ height: 100%; position: relative; z-index: 1; - padding: var(--spacing-spacing-md, 24px) var(--spacing-spacing-xs, 8px) var(--spacing-spacing-md, 24px) var(--spacing-spacing-sm, 16px); + padding: 24px 8px 24px 16px; flex-direction: column; align-items: flex-start; - border-right: 1px solid var(--border-border-primary, #E2E4EA); - background: var(--surface-surface-primary, #FFF); + border-right: 1px solid #E2E4EA; + background: #FFF; } [purpose='category-options'] { flex-direction: column; @@ -291,27 +291,27 @@ align-items: flex-start; width: 100%; a { - color: var(--text-text-primary, #515774); - padding: var(--spacing-spacing-xxs, 4px) var(--spacing-spacing-xs, 8px) var(--spacing-spacing-xxs, 4px) var(--spacing-spacing-xxs, 4px); + color: #515774; + padding: 4px 8px 4px 4px; align-self: stretch; width: 100%; cursor: pointer; - /* Body SM (FKA Card text) */ + font-family: Inter; font-size: 14px; font-style: normal; font-weight: 400; - line-height: 20px; /* 142.857% */ + line-height: 20px; &.selected { - border-radius: var(--spacing-spacing-xxs, 4px); - background: var(--surface-surface-secondary, #F9FAFC); + border-radius: 4px; + background: #F9FAFC; } } } [purpose='subcategories'] { a { display: flex; - padding: var(--spacing-spacing-xxs, 4px) var(--spacing-spacing-xs, 8px) var(--spacing-spacing-xxs, 4px) var(--spacing-spacing-md, 24px); + padding: 4px 4px 4px 24px; flex-direction: column; align-items: flex-start; width: 100%; @@ -334,9 +334,9 @@ top: calc(~'50% - 82px'); } [purpose='empty-box'] { - border-radius: var(--spacing-1, 8px); + border-radius: 8px; opacity: 0.2; - background: var(--text-text-tertiary, #C5C7D1); + background: #C5C7D1; width: 92px; height: 92px; margin-bottom: 20px; @@ -345,15 +345,15 @@ } [purpose='empty-state-note'] { width: 220px; - color: var(--text-text-primary, #515774); + color: #515774; text-align: center; - /* Body XS (FKA p small) */ + font-family: Inter; font-size: 12px; font-style: normal; font-weight: 400; - line-height: 18px; /* 150% */ + line-height: 18px; } } @@ -376,7 +376,7 @@ min-width: 384px; background: #FFF; height: 100%; - border-right: 1px solid var(--border-border-primary, #E2E4EA); + border-right: 1px solid #E2E4EA; scrollbar-width: 16px; position: absolute; left: -500px; @@ -392,36 +392,34 @@ } [purpose='subcategory-header'] { display: flex; - padding: var(--spacing-spacing-lg, 32px) var(--spacing-spacing-sm, 16px); + padding: 32px 16px; flex-direction: column; align-items: flex-start; align-self: stretch; - border-bottom: 1px solid var(--border-border-primary, #E2E4EA); + border-bottom: 1px solid #E2E4EA; h2 { - color: var(--text-text-brand, #192147); + color: #192147; + - /* Title XS */ font-family: Inter; font-size: 16px; font-style: normal; font-weight: 800; - line-height: 120%; /* 120% */ + line-height: 120%; } p { - color: var(--text-text-primary, #515774); - - /* Body SM (FKA Card text) */ + color: #515774; font-family: Inter; font-size: 14px; font-style: normal; font-weight: 400; - line-height: 20px; /* 142.857% */ + line-height: 20px; } } [purpose='subcategory-options'] { display: flex; - padding: var(--spacing-spacing-lg, 32px) var(--spacing-spacing-sm, 16px) var(--spacing-spacing-sm, 16px) var(--spacing-spacing-sm, 16px); + padding: 32px 16px 16px 16px; flex-direction: column; align-items: flex-start; align-self: stretch; @@ -430,7 +428,7 @@ flex-direction: row; align-items: center; justify-content: center; - padding: var(--spacing-spacing-xs, 8px) var(--spacing-spacing-xs, 8px) var(--spacing-spacing-xs, 8px) var(--spacing-spacing-xxs, 4px); + padding: 8px 8px 8px 4px; label { margin-bottom: 0px; display: flex; @@ -447,8 +445,8 @@ height: 16px; width: 16px; border-radius: 3.2px; - border: 1.6px solid var(--text-text-tertiary, #C5C7D1); - background: var(--surface-surface-primary, #FFF); + border: 1.6px solid #C5C7D1; + background: #FFF; margin-right: 8px; position: relative; [purpose='custom-checkbox-check'] { @@ -497,7 +495,7 @@ // min-width: 400px; background: #FFF; // height: 100%; - border: 1px solid var(--border-border-primary, #E2E4EA); + border: 1px solid #E2E4EA; scrollbar-width: 16px; position: absolute; left: 100%; @@ -518,7 +516,7 @@ } [purpose='payload-category'] { width: 100%; - border-top: 1px solid var(--border-border-primary, #E2E4EA); + border-top: 1px solid #E2E4EA; margin-top: 8px; border-radius: 8px; &:first-of-type { @@ -530,7 +528,7 @@ display: flex; flex-direction: row; justify-content: space-between; - padding: var(--spacing-spacing-md, 24px); + padding: 24px; align-items: center; align-self: stretch; width: 100%; @@ -543,33 +541,33 @@ align-items: center; [purpose='download-button'] { display: flex; - padding: var(--spacing-1, 8px) var(--spacing-2, 16px); + padding: 16px; justify-content: center; align-items: center; border-radius: 8px; - background: var(--Core-Fleet-Black, #192147); + background: #192147; margin-left: 16px; height: 32px; } } [purpose='payload-option'] { display: flex; - padding: var(--spacing-spacing-lg, 32px) var(--spacing-spacing-md, 24px); + padding: 32px 24px; flex-direction: column; align-items: flex-start; align-self: stretch; - border-radius: var(--spacing-spacing-none, 0px); - border-top: 1px solid var(--border-border-primary, #E2E4EA); + border-radius: 0px; + border-top: 1px solid #E2E4EA; // margin-bottom: 24px; [purpose='access-type-select'] { height: 36px; - padding: 0px 6px 0px var(--spacing-spacing-xs, 8px); - color: var(--text-text-brand, #192147); + padding: 0px 6px 0px 8px; + color: #192147; font-family: Inter; font-size: 13px; font-style: normal; font-weight: 400; - line-height: 24px; /* 184.615% */ + line-height: 24px; // text-transform: uppercase; } [purpose='option-value'] { @@ -578,7 +576,7 @@ display: flex; width: 260px; height: 36px; - padding: 0px 6px 0px var(--spacing-spacing-xs, 8px); + padding: 0px 6px 0px 8px; align-items: center; font-size: 14px; color: #515774; @@ -594,18 +592,17 @@ user-select: none; cursor: pointer; width: fit-content; - padding: var(--spacing-spacing-xs, 8px) 0px; + padding: 8px 0px; margin-bottom: 0px; display: flex; flex-direction: row; align-items: center; - color: var(--text-text-primary, #515774); + color: #515774; font-family: Inter; font-size: 14px; font-style: normal; font-weight: 400; - line-height: 20px; /* 142.857% */ - white-space: nowrap; + line-height: 20px; height: fit-content; border: none; input { @@ -618,7 +615,7 @@ height: 20px; margin-right: 8px; border-radius: 100px; - background: var(--UI-Fleet-Black-50, #8B8FA2); + background: #8B8FA2; display: flex; align-items: center; [purpose='custom-switch-status'] { @@ -633,7 +630,7 @@ transition: 0.25s all; } &.checked { - background: var(--Success, #3DB67B); + background: #3DB67B; [purpose='custom-switch-status'] { transform: translateX(17px); } @@ -697,74 +694,74 @@ bottom: 0px; width: calc(~'100% - 584px'); height: 53px; - padding: var(--spacing-spacing-xs, 8px); + padding: 8px; justify-content: flex-end; align-items: center; gap: 10px; - border-top: 1px solid var(--border-border-primary, #E2E4EA); - background: var(--surface-surface-primary, #FFF); + border-top: 1px solid #E2E4EA; + background: #FFF; &.slide-in { transform: none; } [purpose='new-button'] { border-radius: 8px; - border: 1px solid var(--color-grey-200, #E2E4EA); - background: var(--Off-white, #F9FAFC); + border: 1px solid #E2E4EA; + background: #F9FAFC; display: flex; width: 129px; - padding: var(--spacing-1, 8px) var(--spacing-2, 16px); + padding: 8px 16px; justify-content: center; align-items: center; - gap: var(--spacing-2, 16px); + gap: 16px; flex-shrink: 0; height: 37px; - color: var(--text-text-primary, #515774); + color: #515774; text-align: center; - /* Body SM (bold) */ + font-family: Inter; font-size: 14px; font-style: normal; font-weight: 700; - line-height: 21px; /* 150% */ + line-height: 21px; cursor: pointer; } } [purpose='download-button'] { border-radius: 8px; - background: var(--Core-Fleet-Black, #192147); + background: #192147; display: flex; - padding: var(--spacing-1, 8px) var(--spacing-2, 16px); + padding: 8px 16px; height: 37px; justify-content: center; align-items: center; cursor: pointer; - gap: var(--spacing-2, 16px); + gap: 16px; color: #FFF; font-weight: 700; text-align: center; - /* Body SM (bold) */ + font-family: Inter; font-size: 14px; font-style: normal; - line-height: 21px; /* 150% */ + line-height: 21px; .button-text { display: flex; // justify-content: center; align-items: center; - gap: var(--spacing-2, 16px); + gap: 16px; color: #FFF; height: 37px; font-weight: 700; text-align: center; - /* Body SM (bold) */ + font-family: Inter; font-size: 14px; font-style: normal; - line-height: 21px; /* 150% */ + line-height: 21px; } } input.form-control { @@ -797,12 +794,12 @@ margin-bottom: 24px; } label { - color: var(--Fleet-Black-100, #192147); + color: #192147; font-family: Inter; font-size: 13px; font-style: normal; font-weight: 700; - line-height: 15.6px; /* 120% */ + line-height: 15.6px; } [purpose='modal-form-option'] { margin-bottom: 24px; @@ -823,9 +820,4 @@ } } - @media(max-width: 1000px) { - - } - - } diff --git a/website/views/pages/configuration-builder.ejs b/website/views/pages/configuration-builder.ejs index 55e7d8d605..1f01baad76 100644 --- a/website/views/pages/configuration-builder.ejs +++ b/website/views/pages/configuration-builder.ejs @@ -72,15 +72,20 @@ %>
- Privacy & security - @@ -93,87 +98,22 @@ %>
-
+
-

Device lock

+

{{selectedPayloadCategory.subcategoryName}}

- Settings related to screen lock and passwords. Learn more + {{selectedPayloadCategory.description}} Learn more

-
-
-
-
-
-

Device lock

-

- Settings related to screen lock and passwords. Learn more -

-
-
-
- - More info -
-
- - More info -
-
- - More info -
-
- - More info + More info