From b23d33122787e7677ac67ab5821f2d82606e5a6e Mon Sep 17 00:00:00 2001
From: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Date: Tue, 18 Feb 2025 07:33:41 +0900
Subject: [PATCH] Update standard-query-library.yml (#26346)
closes: https://github.com/fleetdm/fleet/issues/24415#issuecomment-2657863048
- Updated policy to the suggestion from @jmwatts in the linked bug report.
- Added caveat note.
@ddribeiro, please can you confirm that the suggested policy edit is good to go?
Co-authored-by: Eric
---
 .../standard-query-library/standard-query-library.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index ec2aaf7435..180f3b5fd7 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -754,8 +754,8 @@ apiVersion: v1
 kind: policy
 spec:
 name: Automatic login disabled (macOS)
- query: SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1;
- description: "Checks that a mobile device management (MDM) solution configures the Mac to prevent login in without a password."
+ query: SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'DisableFDEAutoLogin' AND value = 1 LIMIT 1;
+ description: "Checks that a mobile device management (MDM) solution configures the Mac to prevent login in without a password. Note: This policy will not report a value if FileVault is disabled."
 resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that disables automatic login."
 tags: MDM required, compliance, hardening, built-in, critical
 platform: darwin
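Review bot: The new `query` line tests the `DisableFDEAutoLogin` key, but the policy name, the first sentence of `description` and the unchanged `resolution` still describe disabling automatic login in general, so an admin who sees a failure is not told which managed setting to deploy. The added caveat "will not report a value if FileVault is disabled" is also ambiguous for a policy: if a policy query that returns no rows counts as failing, as I understand Fleet's behaviour to be, such hosts appear as failures rather than as unreported, and the text should say so. I would reword it along the lines of `description: "Checks that an MDM profile sets DisableFDEAutoLogin in com.apple.loginwindow, so the user must still log in after unlocking FileVault. Hosts without this managed setting fail the policy."` and name the key in `resolution` as well; please confirm against the linked issue that this is the intended control. The phrase "login in", carried over from the old line, should read "logging in".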