• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5syntax = "proto2";
6
7option optimize_for = LITE_RUNTIME;
8
9package enterprise_management;
10
11message DevicePolicyRefreshRateProto {
12  // In milliseconds.
13  optional int64 device_policy_refresh_rate = 1;
14}
15
16message UserWhitelistProto {
17  // If a UserWhitelistProto is included in the ChromeDeviceSettingsProto but
18  // the user_whitelist field is empty then no user can sign-in.
19  repeated string user_whitelist = 1;
20}
21
22message AllowNewUsersProto {
23  // Determines whether we allow arbitrary users to log into the device.
24  // This interacts with the UserWhitelistProto as follows:
25  // allow_new_users | user_whitelist     | anyone can log in
26  //-----------------+--------------------+------------------
27  //  present, true  | not present        | Yes
28  //-----------------+--------------------+------------------
29  //  present, true  | present            | Yes
30  //-----------------+--------------------+------------------
31  //  present, false | not present        | (Broken) Yes
32  //-----------------+--------------------+------------------
33  //  present, false | present            | No, W/L enforced
34  //-----------------+--------------------+------------------
35  //  not present    | not present        | Yes
36  //-----------------+--------------------+------------------
37  //  not present    | present, empty     | Yes
38  //-----------------+--------------------+------------------
39  //  not present    | present, non-empty | No, W/L enforced
40  //-----------------+--------------------+------------------
41  optional bool allow_new_users = 1 [default = true];
42}
43
44message GuestModeEnabledProto {
45  // Determines if guests are allowed to log in to the device.
46  optional bool guest_mode_enabled = 1 [default = true];
47}
48
49message ShowUserNamesOnSigninProto {
50  // Determines if we show pods for existing users on the sign in screen.
51  optional bool show_user_names = 1 [default = true];
52}
53
54message DataRoamingEnabledProto {
55  // Determines if cellular data roaming is enabled.
56  optional bool data_roaming_enabled = 1 [default = false];
57}
58
59message DeviceProxySettingsProto {
60  // One of "direct", "auto_detect", "pac_script", "fixed_servers", "system"
61  optional string proxy_mode = 1;
62  optional string proxy_server = 2;
63  optional string proxy_pac_url = 3;
64  optional string proxy_bypass_list = 4;
65}
66
67// This is used by chromeos, make sure to do cleanup there before marking it as
68// obsolette.
69message CameraEnabledProto {
70  optional bool camera_enabled = 1;
71}
72
73message MetricsEnabledProto {
74  optional bool metrics_enabled = 1;
75}
76
77message ReleaseChannelProto {
78  // One of "stable-channel", "beta-channel", or "dev-channel"
79  optional string release_channel = 1;
80
81  // If |release_channel_delegated| is set to true and the |release_channel|
82  // field is not set or left empty, the user can select the channel. If the
83  // |release_channel| is specified it will always override users choice!
84  optional bool release_channel_delegated = 2;
85}
86
87message DeviceOpenNetworkConfigurationProto {
88  // The network configuration blob. This is a JSON string as specified by ONC.
89  optional string open_network_configuration = 1;
90}
91
92// Policies to turn on portions of the device status reports.
93message DeviceReportingProto {
94  optional bool report_version_info = 1;
95  optional bool report_activity_times = 2;
96  optional bool report_boot_mode = 3;
97  optional bool report_location = 4;
98  optional bool report_network_interfaces = 5;
99  optional bool report_users = 6;
100}
101
102message EphemeralUsersEnabledProto {
103  // Determines whether users should be treated as ephemeral. In ephemeral users
104  // mode, no cryptohome is created for the user, but a tmpfs mount is used
105  // instead such that upon logout all user state is discarded.
106  optional bool ephemeral_users_enabled = 1;
107}
108
109// Details of an extension to install as part of the AppPack.
110message AppPackEntryProto {
111  optional string extension_id = 1;
112  optional string update_url = 2;
113
114  // This field was added but never used and there are no plans to support it
115  // eventually either.
116  optional bool OBSOLETE_online_only = 3 [deprecated = true];
117}
118
119message AppPackProto {
120  // List of extensions to install as part of the AppPack.
121  repeated AppPackEntryProto app_pack = 1;
122}
123
124// This is a special policy for kiosk/retail mode that specifies what apps
125// should be pinned to the launcher. For regular accounts, pinned apps are
126// controlled through user policy.
127message PinnedAppsProto {
128  // App IDs for the apps to pin.
129  repeated string app_id = 1;
130}
131
132message ForcedLogoutTimeoutsProto {
133  // All timeouts are specified in milliseconds.
134
135  // Specifies the timeout before an idle user session is terminated.
136  // If this field is omitted or set to 0, no logout on idle will be performed.
137  optional int64 idle_logout_timeout = 1;
138
139  // Specifies the duration of a warning countdown before the user is logged out
140  // because of idleness as specified by the |idle_logout_timeout| value.
141  // This field is only used if |idle_logout_timeout| != 0 is specified.
142  optional int64 idle_logout_warning_duration = 2;
143}
144
145message ScreenSaverProto {
146  // Specifies the extension ID which is to be used as a screen saver on the
147  // login screen if no user activity is present. Only respected if the device
148  // is in RETAIL mode.
149  optional string screen_saver_extension_id = 1;
150
151  // Specifies the timeout before the screen saver is activated. If this field
152  // is omitted or set to 0, no screen-saver will be started.
153  // Measured in milliseconds.
154  optional int64 screen_saver_timeout = 2;
155}
156
157// Enterprise controls for auto-update behavior of Chrome OS.
158message AutoUpdateSettingsProto {
159  // True if we don't want the device to auto-update (target_version_prefix is
160  // ignored in this case).
161  optional bool update_disabled = 1;
162
163  // Specifies the prefix of the target version we want the device to
164  // update to, if it's on a older version. If the device is already on
165  // a version with the given prefix, then there's no effect. If the device is
166  // on a higher version, it will remain on the higher version as we
167  // don't support rollback yet. The format of this version can be one
168  // of the following:
169  // ---------------------------------------------------------------------
170  // "" (or not set at all): update to latest version available.
171  // 1412.: update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2)
172  // 1412.2.: update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2)
173  // 1412.24.34: update to this specific version only
174  // ---------------------------------------------------------------------
175  optional string target_version_prefix = 2;
176
177  // The Chrome browser version (e.g. "17.*") corresponding to the
178  // target_version_prefix above. The target_version_prefix is the internal OS
179  // version that external users normally are not aware of. This display_name
180  // can be used by the devices to display a message to end-users about the auto
181  // update setting.
182  optional string target_version_display_name = 3;
183
184  // Specifies the number of seconds up to which a device may randomly
185  // delay its download of an update from the time the update was first pushed
186  // out to the server. The device may wait a portion of this time in terms
187  // of wall-clock-time and the remaining portion in terms of the number of
188  // update checks. In any case, the scatter is upper bounded by a constant
189  // amount of time so that a device does not ever get stuck waiting to download
190  // an update forever.
191  optional int64 scatter_factor_in_seconds = 4;
192
193  // Enumerates network connection types.
194  enum ConnectionType {
195    CONNECTION_TYPE_ETHERNET = 0;
196    CONNECTION_TYPE_WIFI = 1;
197    CONNECTION_TYPE_WIMAX = 2;
198    CONNECTION_TYPE_BLUETOOTH = 3;
199    CONNECTION_TYPE_CELLULAR = 4;
200  }
201
202  // The types of connections that are OK to use for OS updates. OS updates
203  // potentially put heavy strain on the connection due to their size and may
204  // incur additional cost. Therefore, they are by default not enabled for
205  // connection types that are considered expensive, which include WiMax,
206  // Bluetooth and Cellular at the moment.
207  repeated ConnectionType allowed_connection_types = 5;
208
209  // This has been replaced by |reboot_after_update| below.
210  optional bool OBSOLETE_reboot_after_update = 6 [deprecated = true];
211
212  // True if AU payloads can be downloaded via HTTP. False otherwise.
213  optional bool http_downloads_enabled = 7 [default = false];
214
215  // True if the device should reboot automatically when an update has been
216  // applied and a reboot is required to complete the update process.
217  //
218  // Note: Currently, automatic reboots are only enabled while the login screen
219  // is being shown or a kiosk app session is in progress. This will change in
220  // the future and the policy will always apply, regardless of whether a
221  // session of any particular type is in progress or not.
222  optional bool reboot_after_update = 8;
223
224  // True if AU payloads may be shared with and consumed from other devices
225  // on the LAN, using p2p. False otherwise.
226  optional bool p2p_enabled = 9 [default = false];
227}
228
229message StartUpUrlsProto {
230  // Specifies the URLs to be loaded on login to the anonymous account used if
231  // the device is in RETAIL mode.
232  repeated string start_up_urls = 1;
233}
234
235message SystemTimezoneProto {
236  // Specifies an owner-determined timezone that applies to the login screen and
237  // all users. Valid values are listed in "timezone_settings.cc". Additionally,
238  // timezones from the "IANA Time Zone Database" (e.g. listed on wikipedia)
239  // that are equivalent to one of the timezones in "timezone_settings.cc" are
240  // valid. In case of an invalid value, the setting is still activated with a
241  // fallback timezone (currently "GMT"). In case of an empty string or if no
242  // value is provided, the timezone device setting is inactive. In that case,
243  // the currently active timezone will remain in use however users can change
244  // the timezone and the change is persistent. Thus a change by one user
245  // affects the login-screen and all other users.
246  optional string timezone = 1;
247}
248
249message SystemUse24HourClockProto {
250  // Specifies an owner-determined clock format that applies to the login
251  // screen and is used as a default for all user sessions. Users can still
252  // override the format to use for their account.
253  //
254  // True and false select a 24 and 12 hour clock format, respectively. The
255  // default format for the case the setting is not present is 24 hour clock.
256  optional bool use_24hour_clock = 1;
257}
258
259// Parameters for Kiosk App device-local accounts.
260message KioskAppInfoProto {
261  // Indicates the Kiosk App for the corresponding device-local account. The
262  // string value should be a valid 32-character Chrome App identifier and
263  // specifies the Kiosk App to download and run.
264  optional string app_id = 1;
265
266  // Obsolete: Kiosk Apps can only be installed from the Chrome Web Store.
267  optional string OBSOLETE_update_url = 2 [deprecated = true];
268}
269
270// Describes a single device-local account.
271message DeviceLocalAccountInfoProto {
272  // Deprecated: Account identifier for a public session device-local account.
273  // Old code didn't have the |type| field, so it can't handle new types of
274  // device-local accounts gracefully (i.e. ignoring unsupported types). New
275  // code should instead set type to ACCOUNT_TYPE_PUBLIC_SESSION and write the
276  // identifier to the |account_id| field below. If the |type| field is present,
277  // |deprecated_public_session_id| will be ignored.
278  optional string deprecated_public_session_id = 1;
279
280  // Identifier for the device-local account. This is an opaque identifier that
281  // is used to distinguish different device-local accounts configured. All
282  // configured accounts on a device must have unique identifiers.
283  optional string account_id = 2;
284
285  // Indicates the type of device-local account.
286  enum AccountType {
287    // A login-less, policy-configured browsing session.
288    ACCOUNT_TYPE_PUBLIC_SESSION = 0;
289    // An account that serves as a container for a single full-screen app.
290    ACCOUNT_TYPE_KIOSK_APP = 1;
291  };
292
293  // The account type.
294  optional AccountType type = 3;
295
296  // Kiosk App parameters, relevant if |type| is ACCOUNT_TYPE_KIOSK_APP.
297  optional KioskAppInfoProto kiosk_app = 4;
298}
299
300message DeviceLocalAccountsProto {
301  // The list of device-local accounts (i.e. accounts without an associated
302  // cloud-backed profile) that are available on the device.
303  repeated DeviceLocalAccountInfoProto account = 1;
304
305  // The identifier of the device-local account to which the device
306  // should be logged in automatically.  Should be equal to one of the
307  // ids in DeviceLocalAccountInfoProto.
308  optional string auto_login_id = 2;
309
310  // The amount of time, in milliseconds, that should elapse at the signin
311  // screen without user interaction before automatically logging in.
312  optional int64 auto_login_delay = 3;
313
314  // Whether the keyboard shortcut to prevent zero-delay auto-login should be
315  // enabled or not. By default, the user has 3 seconds to press a shortcut
316  // to prevent auto-login, which is useful to sign-in to a regular user session
317  // and configure the machine. If this policy is set to false then this
318  // shortcut is disabled and there is no way to skip auto-login.
319  optional bool enable_auto_login_bailout = 4 [default = true];
320
321  // Whether network configuration should be offered or not when the device
322  // does not have access to the Internet. If the policy is omitted or set to
323  // true, the network configuration will be offered. Otherwise, only an error
324  // message is displayed.
325  // Note: If both this policy and enable_auto_login_bailout policy above is
326  // set to false, there are chances that the device might become totally
327  // unusable when there is no Internet access and has to go through the
328  // recovery process.
329  // If the device is offline at startup then the network configuration screen
330  // is always shown, before auto-login kicks in.
331  optional bool prompt_for_network_when_offline = 5 [default = true];
332}
333
334message AllowRedeemChromeOsRegistrationOffersProto {
335  // Chrome OS Registration service provides way for chromeos device users
336  // to redeem electronic offers provided by service provider.
337  // This value determines if users are allowed to redeem offers through
338  // Chrome OS Registration service.
339  optional bool allow_redeem_offers = 1 [default = true];
340}
341
342message StartUpFlagsProto {
343  // The list of flags to be applied to chrome on start-up (back up store for
344  // owner set flags in about:flags).
345  repeated string flags = 1;
346}
347
348message UptimeLimitProto {
349  // This has been replaced by |uptime_limit| below.
350  optional int64 OBSOLETE_uptime_limit = 1 [deprecated = true];
351
352  // Sets the length of device uptime after which an automatic reboot is
353  // scheduled. An automatic reboot is scheduled at the selected time but may be
354  // delayed on the device by up to 24 hours, e.g. if a user is currently using
355  // the device or an app/extension has requested reboots to be inhibited
356  // temporarily. The policy value should be specified in seconds.
357  //
358  // Note: Currently, automatic reboots are only enabled while the login screen
359  // is being shown or a kiosk app session is in progress. This will change in
360  // the future and the policy will always apply, regardless of whether a
361  // session of any particular type is in progress or not.
362  optional int64 uptime_limit = 2;
363}
364
365message VariationsParameterProto {
366  // The string for the restrict parameter to be appended to the Variations URL
367  // when pinging the Variations server.
368  optional string parameter = 1;
369}
370
371message AttestationSettingsProto {
372  // Attestation involves proving that a cryptographic key is protected by a
373  // legitimate Chrome OS TPM and reporting the operating mode of the platform.
374  // This setting enables enterprise attestation features at a device level.  If
375  // this is enabled a machine key will be generated and certified by the Chrome
376  // OS CA.  If this setting is disabled, even users with attestation settings
377  // enabled will not be able to use those features on the device.
378  optional bool attestation_enabled = 1 [default = false];
379
380  // Chrome OS devices can use remote attestation (Verified Access) to get a
381  // certificate issued by the Chrome OS CA that asserts the device is eligible
382  // to play protected content.  This process involves sending hardware
383  // endorsement information to the Chrome OS CA which uniquely identifies the
384  // device.  This setting allows this feature to be disabled for the device
385  // regardless of any user-specific settings.
386  optional bool content_protection_enabled = 2 [default = true];
387}
388
389message AccessibilitySettingsProto {
390  // Sets the default state of the large cursor accessibility feature on the
391  // login screen. If this policy is set to true, the large cursor will be
392  // enabled when the login screen is shown. If this policy is set to false, the
393  // large cursor will be disabled when the login screen is shown. Users can
394  // temporarily override this setting by enabling or disabling the large
395  // cursor. However, the user's choice is not persistent and the default is
396  // restored whenever the login screen is shown anew or the user remains idle
397  // on the login screen for a minute. If this policy is left unset, the large
398  // cursor is disabled when the login screen is first shown. Users can enable
399  // or disable the large cursor anytime and its status on the login screen is
400  // persisted between users.
401  optional bool login_screen_default_large_cursor_enabled = 1;
402
403  // Sets the default state of the spoken feedback accessibility feature on the
404  // login screen. If this policy is set to true, spoken feedback will be
405  // enabled when the login screen is shown. If this policy is set to false,
406  // spoken feedback will be disabled when the login screen is shown. Users can
407  // temporarily override this setting by enabling or disabling spoken feedback.
408  // However, the user's choice is not persistent and the default is restored
409  // whenever the login screen is shown anew or the user remains idle on the
410  // login screen for a minute. If this policy is left unset, spoken feedback is
411  // disabled when the login screen is first shown. Users can enable or disable
412  // spoken feedback anytime and its status on the login screen is persisted
413  // between users.
414  optional bool login_screen_default_spoken_feedback_enabled = 2;
415
416  // Sets the default state of the high contrast mode accessibility feature on
417  // the login screen. If this policy is set to true, high contrast mode will be
418  // enabled when the login screen is shown. If this policy is set to false,
419  // high contrast mode will be disabled when the login screen is shown. Users
420  // can temporarily override this setting by enabling or disabling high
421  // contrast mode. However, the user's choice is not persistent and the default
422  // is restored whenever the login screen is shown anew or the user remains
423  // idle on the login screen for a minute. If this policy is left unset, high
424  // contrast mode is disabled when the login screen is first shown. Users can
425  // enable or disable high contrast mode anytime and its status on the login
426  // screen is persisted between users.
427  optional bool login_screen_default_high_contrast_enabled = 3;
428
429  // Enumerates the screen magnifier types.
430  enum ScreenMagnifierType {
431    // Screen magnifier disabled.
432    SCREEN_MAGNIFIER_TYPE_NONE = 0;
433    // Full-screen magnifier enabled.
434    SCREEN_MAGNIFIER_TYPE_FULL = 1;
435  };
436
437  // Sets the default type of screen magnifier that is enabled on the login
438  // screen. If this policy is set, it controls the type of screen magnifier
439  // that is enabled when the login screen is shown. Users can temporarily
440  // override this setting by enabling or disabling the screen magnifier.
441  // However, the user's choice is not persistent and the default is restored
442  // whenever the login screen is shown anew or the user remains idle on the
443  // login screen for a minute. If this policy is left unset, the screen
444  // magnifier is disabled when the login screen is first shown. Users can
445  // enable or disable the screen magnifier anytime and its status on the login
446  // screen is persisted between users.
447  optional ScreenMagnifierType login_screen_default_screen_magnifier_type = 4;
448
449  // Sets the default state of the on-screen keyboard accessibility feature on
450  // the login screen. If this policy is set to true, the on-screen keyboard
451  // will be enabled when the login screen is shown. If this policy is set to
452  // false, the on-screen keyboard will be disabled when the login screen is
453  // shown. Users can temporarily override this setting by enabling or disabling
454  // the on-screen keyboard. However, the user's choice is not persistent and
455  // the default is restored whenever the login screen is shown anew or the user
456  // remains idle on the login screen for a minute. If this policy is left
457  // unset, the on-screen keyboard is disabled when the login screen is first
458  // shown. Users can enable or disable the on-screen keyboard anytime and its
459  // status on the login screen is persisted between users.
460  optional bool login_screen_default_virtual_keyboard_enabled = 5;
461}
462
463message SupervisedUsersSettingsProto {
464  // Defines whether supervised users can be created on the device.
465  optional bool supervised_users_enabled = 1;
466}
467
468message LoginScreenPowerManagementProto {
469  // Configures power management on the login screen. The policy should be
470  // specified as a string that expresses the individual settings in JSON
471  // format, conforming to the following schema:
472  // {
473  //   "type": "object",
474  //   "properties": {
475  //     "AC": {
476  //       "description": "Power management settings applicable only when
477  //                       running on AC power",
478  //       "type": "object",
479  //       "properties": {
480  //         "Delays": {
481  //           "type": "object",
482  //           "properties": {
483  //             "ScreenDim": {
484  //               "description": "The length of time without user input after
485  //                               which the screen is dimmed, in milliseconds",
486  //               "type": "integer",
487  //               "minimum": 0
488  //             },
489  //             "ScreenOff": {
490  //               "description": "The length of time without user input after
491  //                               which the screen is turned off, in
492  //                               milliseconds",
493  //               "type": "integer",
494  //               "minimum": 0
495  //             },
496  //             "Idle": {
497  //               "description": "The length of time without user input after
498  //                               which the idle action is taken, in
499  //                               milliseconds",
500  //               "type": "integer",
501  //               "minimum": 0
502  //             }
503  //           }
504  //         },
505  //         "IdleAction": {
506  //           "description": "Action to take when the idle delay is reached",
507  //           "enum": [ "Suspend", "Shutdown", "DoNothing" ]
508  //         }
509  //       }
510  //     },
511  //     "Battery": {
512  //       "description": "Power management settings applicable only when
513  //                       running on battery power",
514  //       "type": "object",
515  //       "properties": {
516  //         "Delays": {
517  //           "type": "object",
518  //           "properties": {
519  //             "ScreenDim": {
520  //               "description": "The length of time without user input after
521  //                               which the screen is dimmed, in milliseconds",
522  //               "type": "integer",
523  //               "minimum": 0
524  //             },
525  //             "ScreenOff": {
526  //               "description": "The length of time without user input after
527  //                               which the screen is turned off, in
528  //                               milliseconds",
529  //               "type": "integer",
530  //               "minimum": 0
531  //             },
532  //             "Idle": {
533  //               "description": "The length of time without user input after
534  //                               which the idle action is taken, in
535  //                               milliseconds",
536  //               "type": "integer",
537  //               "minimum": 0
538  //             }
539  //           }
540  //         },
541  //         "IdleAction": {
542  //           "description": "Action to take when the idle delay is reached",
543  //           "enum": [ "Suspend", "Shutdown", "DoNothing" ]
544  //         }
545  //       }
546  //     },
547  //     "LidCloseAction": {
548  //       "description": "Action to take when the lid is closed",
549  //       "enum": [ "Suspend", "Shutdown", "DoNothing" ]
550  //     },
551  //     "UserActivityScreenDimDelayScale": {
552  //       "description": "Percentage by which the screen dim delay is scaled
553  //                       when user activity is observed while the screen is
554  //                       dimmed or soon after the screen has been turned off",
555  //       "type": "integer",
556  //       "minimum": 0
557  //     }
558  //   }
559  // }
560  optional string login_screen_power_management = 1;
561}
562
563message AutoCleanupSettigsProto {
564  // Deprecated.  There is only one disk-full cleanup strategy: LRU.
565  optional string clean_up_strategy = 1;
566}
567
568// Settings that control low-level functions of the system.
569message SystemSettingsProto {
570  // Whether developer mode is allowed on the device. If the device owner sets
571  // this flag to true, the system will refuse to boot and show an error screen
572  // when the developer switch is turned on.
573  optional bool block_devmode = 1;
574}
575
576// Settings that control login for SAML users.
577message SAMLSettingsProto {
578  // Whether cookies set by a SAML IdP should be transferred to users' profiles
579  // every time a user authenticates via SAML during login. If false, cookies
580  // are transferred during each user's first login only.
581  optional bool transfer_saml_cookies = 1;
582}
583
584message ChromeDeviceSettingsProto {
585  optional DevicePolicyRefreshRateProto device_policy_refresh_rate = 1;
586  optional UserWhitelistProto user_whitelist = 2;
587  optional GuestModeEnabledProto guest_mode_enabled = 3;
588  optional DeviceProxySettingsProto device_proxy_settings = 4;
589  optional CameraEnabledProto camera_enabled = 5;
590  optional ShowUserNamesOnSigninProto show_user_names = 6;
591  optional DataRoamingEnabledProto data_roaming_enabled = 7;
592  optional AllowNewUsersProto allow_new_users = 8;
593  optional MetricsEnabledProto metrics_enabled = 9;
594  optional ReleaseChannelProto release_channel = 10;
595  optional DeviceOpenNetworkConfigurationProto open_network_configuration = 11;
596  optional DeviceReportingProto device_reporting = 12;
597  optional EphemeralUsersEnabledProto ephemeral_users_enabled = 13;
598  optional AppPackProto app_pack = 14;
599  optional ForcedLogoutTimeoutsProto forced_logout_timeouts = 15;
600  optional ScreenSaverProto login_screen_saver = 16;
601  optional AutoUpdateSettingsProto auto_update_settings = 17;
602  optional StartUpUrlsProto start_up_urls = 18;
603  optional PinnedAppsProto pinned_apps = 19;
604  optional SystemTimezoneProto system_timezone = 20;
605  optional DeviceLocalAccountsProto device_local_accounts = 21;
606  optional AllowRedeemChromeOsRegistrationOffersProto allow_redeem_offers = 22;
607  optional StartUpFlagsProto start_up_flags = 23;
608  optional UptimeLimitProto uptime_limit = 24;
609  optional VariationsParameterProto variations_parameter = 25;
610  optional AttestationSettingsProto attestation_settings = 26;
611  optional AccessibilitySettingsProto accessibility_settings = 27;
612  optional SupervisedUsersSettingsProto supervised_users_settings = 28;
613  optional LoginScreenPowerManagementProto login_screen_power_management = 29;
614  optional SystemUse24HourClockProto use_24hour_clock = 30;
615  optional AutoCleanupSettigsProto auto_clean_up_settings = 31;
616  optional SystemSettingsProto system_settings = 32;
617  optional SAMLSettingsProto saml_settings = 33;
618}
619