Repurpose policies 17560 (#17743)

sharon-fdm · web-flow · commit 39f0fd291d9f · 2024-03-22T10:15:50.000-04:00
Same as #17560
diff --git a/ee/cis/macos-13/cis-policy-queries.yml b/ee/cis/macos-13/cis-policy-queries.yml
@@ -2110,10 +2110,7 @@ spec:
         3. Select the i next to the Guest User
         4. Verify that Allow guests to log in to this computer is disable
   query: |
-    SELECT 1 WHERE
-    EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
-    OR
-    EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
+    SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
   purpose: Informational
   tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.1
   contributors: sharon-fdm
diff --git a/ee/cis/macos-14/cis-policy-queries.yml b/ee/cis/macos-14/cis-policy-queries.yml
@@ -2110,10 +2110,7 @@ spec:
         3. Select the i next to the Guest User
         4. Verify that Allow guests to log in to this computer is disable
   query: |
-    SELECT 1 WHERE
-    EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
-    OR
-    EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
+    SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
   purpose: Informational
   tags: compliance, CIS, CIS_Level1
   contributors: sharon-fdm
diff --git a/it-and-security/lib/macos-device-health.policies.yml b/it-and-security/lib/macos-device-health.policies.yml
@@ -11,7 +11,7 @@
   resolution: An an IT admin, deploy a macOS, Firewall profile with the EnableFirewall option set to true.
   platform: darwin
 - name: macOS - Disable guest account
-  query: SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND username = '' AND name='DisableGuestAccount' AND CAST(value AS INT) = 1;
+  query: SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
   critical: false
   description: This policy checks if the guest account is disabled.
   resolution: An an IT admin, deploy a macOS, login window profile with the DisableGuestAccount option set to true.
@@ -52,4 +52,4 @@
   critical: false
   description: This policy checks if maximum amount of time (in minutes) the device is allowed to sit idle before the screen is locked. End users can select any value less than the specified maximum.
   resolution: An an IT admin, deploy a macOS, screen saver profile with the maxInactivity option set to 20 minutes.
-  platform: darwin
+  platform: darwin
