Thanks to a discussion on Apple's discussion boards: http://discussions.apple.com/thread.jspa?threadID=2235793&tstart=0
I was able to find a way to change the authorization to allow local admins to unlock the screen saver. Of course I could edit the file manually, but pishaw to that! Here's the command to change the file:
Don't forget your backup!
cp /etc/pam.d/screensaver /etc/pam.d/screensaver.backup
This should all be on one line. It will make a backup of the file and change the line.:
perl -i~backup -pe s/"account required pam_group.so no_warn group=admin,wheel fail_safe"/"account sufficient pam_group.so no_warn group=admin,wheel fail_safe"/g /etc/pam.d/screensaver
You can see that all we are changing is the "required" to "sufficient". Someone much smarter than I can comment and tell us what this is actually doing, but for my purpose this gets the done stamp.
I ssh'd into a laptop I was locked out of, ran this command, and was immediately able to unlock the screen saver. This should work through ARD, SSH, Payload Free Package (provided below), etc..
Here is a payload free package that will do this. Feel free to check out what the postflight script is doing.
Enjoy Mac Ninjas
Updated blog post! Using perl script instead of shell. 20100330