Skip to main content

Apple Screen Saver Policy

Updated over 2 weeks ago

The Apple Screen Saver Policy allows IT administrators to configure and enforce screen saver settings on managed macOS devices. This helps maintain security, prevent unauthorized access, and ensure a consistent experience across all endpoints.

Overview

This policy controls how and when a screen saver activates on macOS devices, whether a password is required to unlock the screen, and which screen saver module is displayed.
It applies to macOS 10.11 and later.

Settings and Options

1. Require Password to Unlock Screen

  • Description: Enforces password authentication when the screen saver is stopped or the system is unlocked.

  • Options:

    • True – Users must enter their password to unlock.

    • False – Screen can be unlocked without a password.

  • Requirement: macOS 10.13+

2. Require Password Delay

  • Description: Sets a delay (in seconds) before the password requirement activates after the screen saver starts.

  • Example:

    • Immediately – Require a password immediately.

    • 5 minutes

  • Note, on macOS Lock Screen – “Never Require Password” Configuration (Important Explanation)

    When configuring macOS lock screen behavior through Swif, you may want the device to effectively never prompt for a password after the screen saver starts or the display turns off.

    On macOS, this behavior is controlled by two settings:

    1. Require Password to Unlock Screen

    2. Require Password Delay

  • “Never require password” behavior on macOS

    On macOS, configuring a device to behave as if it never prompts for a password after the screen saver or display sleep requires:

    • Require password to unlock screen: True

    • Require Password delay: Never

    macOS needs the password requirement enabled to apply any delay value. Setting this to False disables the password mechanism entirely, which prevents reliable use of a delay and can cause macOS to fall back to its own defaults.

  • Why “Require Password” Must Be Set to True

    This may seem counterintuitive.

    macOS requires the password enforcement mechanism to be enabled in order to apply a delay value. If Require Password is set to False, macOS may:

    • Ignore the delay value

    • Revert to system defaults

    • Display inconsistent behavior in System Settings

    • By setting:

      • Require Password = True

      • Delay = Never (Actually set to a maximum Value)

    • You are effectively telling macOS:

      Require a password — but only after an extremely long delay (many years).

      This results in the practical behavior of never prompting for a password after the screen saver or display sleep.

3. Screensaver Path

  • Description: The full POSIX file path to the .saver bundle used as the screen saver.

  • Default macOS locations:

    • /System/Library/Screen Savers/ (built-in)

    • /Library/Screen Savers/ (custom company-wide modules)

Sample Values:

Example

Description

/System/Library/Screen Savers/Flurry.saver

Built-in macOS "Flurry" screen saver

/System/Library/Screen Savers/Message.saver

Built-in "Message" screen saver

/Library/Screen Savers/Aerial.saver

Custom Aerial screen saver deployed via MDM

4. Login Window Screensaver Idle Time

  • Description: The duration (in seconds) of inactivity at the login window before the screen saver starts.

  • Example:

    • 600 = 10 minutes

    • 0 = Never activates

5. Screensaver Idle Time

  • Description: Duration (in seconds) of inactivity before the screen saver starts for logged-in users.

  • Example:

    • 900 = 15 minutes

    • 300 = 5 minutes

  • Note on policy conflicts with Apple Password Policy
    Due to an Apple-side limitation, the Maximum Auto-Lock (minutes) setting in Apple Password Policy conflicts with the Screensaver idle time setting in Apple Screen Saver Policy. In testing, we’ve observed that whichever policy is assigned most recently will take precedence for this timer. If you use both policies, be aware that changing or reassigning one may override the other’s idle/lock behavior on devices.

6. Screensaver Module Name

  • Description: The display name of the screen saver module (without the .saver extension).

  • Requirement: Must match the module name defined in the .saver bundle.

  • If not specified, macOS defaults to the Flurry module.

Sample Values:

Example

Description

Flurry

Built-in macOS module

Message

Displays a custom message

Aerial

Uses the popular Aerial video screen saver

Example Configuration

Setting

Sample Value

Require Password to Unlock

True

Require Password Delay

Immediately

Screensaver Path

/System/Library/Screen Savers/Flurry.saver

Login Window Screensaver Idle Time

600

Screensaver Idle Time

900

Screensaver Module Name

Flurry

This configuration enforces the Flurry screen saver after 15 minutes of inactivity and requires a password immediately upon wake.

Best Practices

  • Use built-in screen savers (e.g., Flurry, Message) to ensure compatibility with all macOS versions.

  • For custom screen savers (like Aerial), deploy the .saver bundle to /Library/Screen Savers/ before applying this policy.

  • Set the Require Password option to True to comply with most security frameworks (e.g., SOC 2, ISO 27001).

Related Articles
BYOD per compliance requirement
Apple Password Policy
Linux Screen Saver Policy
Apple Energy Saver Policy
Linux Policy Cleanup After Unenrollment or Policy Deletion
Did this answer your question?