Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4758: Setting GNOME ScreenSaver group policy on Ubuntu platform

Centrify DirectControl ,  

20 October,17 at 07:02 PM

Problem:
 
Why is GNOME ScreenSaver group policy not getting applied in Ubuntu platforms?

 
Cause:
 
Gnome screen lock is a per-user setting. It is hard to make it for a machine Group Policy based setting. Machine screen locking GP is generic for X11 - does not work for Gnome.  
 
There is no global Gnome3 settings, so it is not possible to make it machine GP - it has to be per user. 
 
Ubuntu 12.04 and above have Gnome version 3. Gnome version 3 is planned and not supported with the current Centrify products.
 
 
Workaround:

The following applies to Ubuntu 12.x, 14.x and above only.  

To make it machine GP, the only way is to create an autostart file in /etc/xdg/autostart. 
 
Autostart script is to set any Gnome setting, and deploy it using copyfile GP.
 
There is an attachment with this KB with the mapper script for 12.04 and 14.04.  Machine GP mapper script can write this file. Then at user login, this file runs gsettings command to change screen lock setting. 
 
Deploy it into /usr/share/centrifydc/mappers/machine folder, and make sure permission is 0755 and rename the original with the following commands-- 
 
To do that, do the following-- 
 
# sudo mv EnforceScreenlocking.pl EnforceScreenLocking.pl.original 
 
and then rename the script with the following-- 
 
# sudo mv EnforceScreenLocking-Ubuntu.pl EnforceScreenLocking.pl 
 
Instead of renaming the .pl file just copy the file in the machine folder and it should work as well.
 
 
After that provide 755 permission to the file as follows-- 
 
chmod 755 EnforceScreenLocking.pl 
 
With that permission will be seen on the file as follows-- 
 
rwxr -xr-x root root ........EnforceScreenLocking.pl 
 
Once set the permission go to GPOE and go to the following GP to make sure it is enabled-- 
 
Computer Configuration 
-> Centrify Settings 
-> Linux Settings 
-> Enforce screen locking 
 
From the Ubuntu machine open the Terminal and run "adgpupdate" to force a GP refresh. 

Notes:
 - Regarding Ubuntu 14.04, screen won't turn off when locked. It will just show the unlock screen. Screen will eventually turn off after several minutes. 
 - Since this new script uses autostart mechanism that happens at login time, if user is already logged in, then need to logout and login again.
 - There's one way to prevent user from changing setting, but it will prevent user from changing ANY gnome setting:  set permission of ~/.config/dconf to 555.
 - There's no way to lock screensaver setting only. Either lock all Gnome setting or lock nothing.
Attachments:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.