Aerial at login in a managed environment #571

Closed
dvtch opened this issue Oct 23, 2018 · 16 comments

@dvtch

dvtch commented Oct 23, 2018

I'm looking to deploy this to a lab of AD-bound Macs. My settings are such that while a user is logged in, there isn't really a point of a screensaver because for security reasons, users are auto-logged out after 10 minutes of inactivity anyway. Where I want to utilise Aerial is at the login window, where there is more likelihood of screen burn. My MDM service has options to pick which screen saver to use at the login window, but when I point it to /Library/Screen Savers/Aerial.saver, nothing actually loads. I have read that not all screen savers necessarily work before login. That might simply be the case here?

Is Aerial likely to work in this scenario or should I just pass on the idea?

@glouel
Collaborator

glouel commented Oct 23, 2018

@dvtch I can't find much about what is precisely not allowed at login, but I can think of a couple reasons why it wouldn't work.

The very first launch of Aerial needs:

  • network access to download the json
  • to create a cache directory (in the user's Library/Cache)
  • filesystem access to said directory
  • to write where the cache directory is in the user's preferences.

So pre-login, the first launch would definitely fail.
On subsequent launches, I would guess that when no user is logged in, you can't load preferences, so we don't know where to look for the cache directory, assuming we would have access to the filesystem (I would guess not).

So off the top of my head, I would guess that's not possible as is. If you can find what specifically is allowed/not allowed, maybe we could find a workaround but it would make sense to me that we don't have filesystem access at login.

Last comment there, people seem to say that Ken Burns won't load, which would corroborate the no filesystem thing.

@LvanProosdij

LvanProosdij commented Oct 23, 2018

@dvtch I see no reason why Aerial would not have network access and filesystem access if triggered at login (with no user logged in).

I think you should investigate moving all files (prefs, cache, etc.) from the user profile (~/Library) to the main Library (/Library). BTW Aerial is located there… /Library/Screen Savers/, that's why it should be able to run at the login screen.
This would also avoid storing copies of cached videos in each user profile.
Leaving no choice for users to choose a cache directory, just storing the cache in /Library/Caches/com.JohnCoates.Aerial/.

Preferences would be global, no per user preferences.

@glouel
Collaborator

glouel commented Oct 23, 2018

(I would add to this that installing for all users should do most of this for you already, but I'm really not convinced the filesystem would be available to Aerial, for security reasons. Might be totally wrong on that! If you give it a shot, enable logging and post the log if you have an issue.)

@LvanProosdij

LvanProosdij commented Oct 23, 2018

> Last comment there, people seem to say that Ken Burns won't load, which would corroborate the no filesystem thing.

> Any of the image slideshow screen savers work, and a few of the Quartz Composer screen savers too

Because images and files are located in /Library/ or /System/Library/
macOS images for slideshow screen savers are located here /Library/Screen Savers/Default Collections

> but third party screensavers are not supported,

those storing prefs and/or files in user library ~/Library can't be supported.

> and neither are RSS feeds, iPhoto based slideshows, or iTunes artwork.

because they need files located in user library or user folders.

@glouel
Collaborator

glouel commented Oct 23, 2018

Makes sense! Thanks @LvanProosdij for the clarification.

@LvanProosdij

> I would add to this that installing for all users should do most of this for you already

What do you mean by "installing for all users"? By default macOS "install screen savers for all users". When you double click the Aerial.saver file after uncompressing the downloaded archive, macOS does automatically store Aerial.saver in /Library/Screen Savers/

What do you mean by "should do most of this for you already"? Locating prefs and caches is hard coded in the developer's code. Currently, even if Aerial is located in /Library/Screen Savers/, it does store its prefs in the user's ~/Library/Preferences/ByHost/

@glouel
Collaborator

glouel commented Oct 23, 2018

> What do you mean by "installing for all users"? By default macOS "install screen savers for all users". When you double click the Aerial.saver file after uncompressing the downloaded archive, macOS does automatically store Aerial.saver in /Library/Screen Savers/

Pretty sure that's no longer the default, here it defaults to current user only when installing a screensaver on Mojave. You can override at install though.

> What do you mean by "should do most of this for you already"? Locating prefs and caches is hard coded in the developer's code. Currently, even if Aerial is located in /Library/Screen Savers/, it does store its prefs in the user's ~/Library/Preferences/ByHost/

Cache can be overridden manually. But that's what I meant by "most", yes. I didn't write the Preferences code so I'm not sure if it tries to use global preferences. If not it will fail but that's fixable.

@LvanProosdij

> Pretty sure that's no longer the default, here it defaults to current user only when installing a screensaver on Mojave. You can override at install though.

On macOS Mojave the user is asked if he wants a "user only" or "all users" install.
If the screen saver was already installed, macOS just updates it without asking for the location.

@LvanProosdij

> I didn't write the Preferences code so I'm not sure if it tries to use global preferences. If not it will fail but that's fixable.

Solution would be to locate prefs and caches according to Aerial.saver location, user library or main library.
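
The following added example is not part of the thread and is not Aerial's code. It reports where Aerial.saver is installed and which user libraries hold its state, which is the split between /Library and ~/Library discussed in the comments above. The ByHost plist name pattern and the per-user cache directory name are assumptions derived from the bundle identifier quoted in the thread, and `AUDIT_ROOT` is a hypothetical variable.

```shell
#!/bin/sh
# Added example (not Aerial's code). ROOT="" scans the live system; a directory
# prefix scans a mounted image or a constructed test tree.
BUNDLE_ID="com.JohnCoates.Aerial"   # from the cache path quoted in the thread

# saver_scope PATH -> system | all-users | user:<name> | unknown
saver_scope() {
    p=${1%/}
    case "$p" in
        /System/Library/Screen\ Savers/*.saver) echo "system" ;;
        /Users/*/Library/Screen\ Savers/*.saver)
            u=${p#/Users/}
            echo "user:${u%%/*}" ;;
        /Library/Screen\ Savers/*.saver) echo "all-users" ;;
        *) echo "unknown" ;;
    esac
}

# per_user_state ROOT -> "<user>:<prefs|cache|prefs,cache>" for each home that
# holds Aerial state. File and directory names are assumptions built from BUNDLE_ID.
per_user_state() {
    for home in "$1"/Users/*; do
        [ -d "$home" ] || continue
        found=""
        for f in "$home/Library/Preferences/ByHost/$BUNDLE_ID"*.plist; do
            if [ -e "$f" ]; then found="prefs"; fi
        done
        if [ -d "$home/Library/Caches/$BUNDLE_ID" ]; then
            found="${found:+$found,}cache"
        fi
        if [ -n "$found" ]; then echo "${home##*/}:$found"; fi
    done
}

# audit ROOT -> one line per installed copy, then a warning when a shared
# install still keeps its state in user libraries.
audit() {
    shared=no
    for s in "$1/Library/Screen Savers/Aerial.saver" \
             "$1"/Users/*/Library/Screen\ Savers/Aerial.saver; do
        [ -e "$s" ] || continue
        scope=$(saver_scope "${s#"$1"}")
        echo "install:$scope:$s"
        if [ "$scope" = "all-users" ]; then shared=yes; fi
    done
    state=$(per_user_state "$1")
    if [ "$shared" = yes ] && [ -n "$state" ]; then
        echo "warn:shared install, per-user state in:" $state
    fi
}

audit "${AUDIT_ROOT:-}"
```
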

@glouel
Collaborator

glouel commented Oct 23, 2018

According to the code, Aerial uses ScreenSaverDefaults, which wraps userDefaults.

Using global preferences requires usage of the low-level CFPreferences.

There may be some permission issue (or not, hard to tell) since we are running as a plugin to either ScreenSaverEngine or SystemPreferences (which is why Apple provides the ScreenSaverDefaults wrapper). Probably not a trivial change but if you want to explore this we definitely welcome PRs.

@LvanProosdij

> but if you want to explore this we definitely welcome PRs

I haven't coded since GS OS and MacOS 9 ;-)
I was planning to put my hands in code again, learning Swift. Will do that in a few weeks when getting my new Mac. But don't expect any brilliant coding before long :-)

@dvtch
Author

dvtch commented Oct 24, 2018

Further reading, I just don't think it is possible and that is through more of Apple's sandboxing than a shortcoming of Aerial. There are too many variables since pre-configured preferences are part of this deployment to ensure cache location and such are set automatically on each client. That side of it, the deployment-side, took some tweaking with munki/outset scripting but I got it deploying the settings per client quite nicely. Aerial would load during a desktop session and applied all the settings I required.

It's just that this isn't the kind of screen saver which can load at the login window, is all.

@LvanProosdij

I did some testing, macOS (Mojave) simply does not even try to execute any third party screensaver while at the login screen. Even if locating the third party screensaver in /System/Library/Screen Savers and disabling System Integrity Protection (SIP). It's probably for security reasons.

@glouel
Collaborator

glouel commented Oct 24, 2018

Even without SIP? Wow! Well, thanks a lot for checking this @LvanProosdij!

@dvtch
Author

dvtch commented Oct 24, 2018

Yeah, thanks for the testing @LvanProosdij - that would have been tedious.

@glouel
Collaborator

glouel commented Oct 24, 2018

Indeed! I'll put a line about it on the readme for future reference.

@glouel glouel closed this as completed Oct 24, 2018