Skip to content

Commit 39f0fd2

Browse files
authored
Repurpose policies 17560 (#17743)
Same as #17560
1 parent 6f93894 commit 39f0fd2

File tree

3 files changed

+4
-10
lines changed

3 files changed

+4
-10
lines changed

ee/cis/macos-13/cis-policy-queries.yml

+1-4
Original file line numberDiff line numberDiff line change
@@ -2110,10 +2110,7 @@ spec:
21102110
3. Select the i next to the Guest User
21112111
4. Verify that Allow guests to log in to this computer is disable
21122112
query: |
2113-
SELECT 1 WHERE
2114-
EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
2115-
OR
2116-
EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
2113+
SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
21172114
purpose: Informational
21182115
tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.1
21192116
contributors: sharon-fdm

ee/cis/macos-14/cis-policy-queries.yml

+1-4
Original file line numberDiff line numberDiff line change
@@ -2110,10 +2110,7 @@ spec:
21102110
3. Select the i next to the Guest User
21112111
4. Verify that Allow guests to log in to this computer is disable
21122112
query: |
2113-
SELECT 1 WHERE
2114-
EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
2115-
OR
2116-
EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
2113+
SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
21172114
purpose: Informational
21182115
tags: compliance, CIS, CIS_Level1
21192116
contributors: sharon-fdm

it-and-security/lib/macos-device-health.policies.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
resolution: An an IT admin, deploy a macOS, Firewall profile with the EnableFirewall option set to true.
1212
platform: darwin
1313
- name: macOS - Disable guest account
14-
query: SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND username = '' AND name='DisableGuestAccount' AND CAST(value AS INT) = 1;
14+
query: SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
1515
critical: false
1616
description: This policy checks if the guest account is disabled.
1717
resolution: An an IT admin, deploy a macOS, login window profile with the DisableGuestAccount option set to true.
@@ -52,4 +52,4 @@
5252
critical: false
5353
description: This policy checks if maximum amount of time (in minutes) the device is allowed to sit idle before the screen is locked. End users can select any value less than the specified maximum.
5454
resolution: An an IT admin, deploy a macOS, screen saver profile with the maxInactivity option set to 20 minutes.
55-
platform: darwin
55+
platform: darwin

0 commit comments

Comments
 (0)