Ran into a problem when I tried adding some MCX profiles that were created to be used with 10.6 on a test Mountain Lion machine. The profiles work correctly but when I remove the machine from the MCX profile, the settings keep reappearing in /Library/Managed Preferences, and even if I delete the files manually they reappear after a reboot seemingly without even checking in with the JSS. Is there something that I'm missing or should I recreate as much of the functionality as I can with the Profile Manager method?
Answer
Is MCX broken in Mountain Lion?
+4Best answer by jhbush
Craig, you may want to have a look at this Kbase article. https://jamfnation.jamfsoftware.com/article.html?id=144
+27Craig, you may want to have a look at this Kbase article. https://jamfnation.jamfsoftware.com/article.html?id=144
+4Thanks for the tip Jason, I figured it was something ridiculously simple. The -mcxdelete command took care of getting rid of those settings, still not sure what caused it to stick like that though.
+13It feels like directory services takes the mcx commands as input, and caches the end result as a managed user experience. Sometimes, deleting the mcx files doesn't seem to make any change, but adding a different mcx plist will.
I occasionally set scripts with -mcxdelete flags at both user and computer level, then jamf commands to pull down new mcx. This seems to do the trick pretty well.
+13Here is my script I run when troubleshooting MCX from the Casper Suite. It has a verbose shell so everything (and i mean EVERYTHING) is visible in the policy logs.
If anybody else feels like adding/modifying/correcting, please comment back to this thread. :)
#!/bin/bash -v
exec 2>&1
# Written by Douglas Worley
# v2.0 on June 1 2012
# Verify that the user is running this script with Super User credentials.
[ $EUID != 0 ] && echo "This script requires root privileges, please run "sudo $0"" && exit 1
# determine current user
CurrentUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
# To remove User-Level MCX Settings:
dscl . -mcxdelete /Users/$CurrentUser
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully removed user-level MCX Settings for $CurrentUser."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove user-level MCX Settings for $CurrentUser."
echo " - Is the computer managed?"
fi
sleep 1
echo ""
# To remove System-Level MCX Settings:
dscl . -mcxdelete /Computers/localhost
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Removed system-level MCX Settings."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove system-level MCX Settings."
echo " - Is the computer managed?"
fi
sleep 1
echo ""
# nuke the files
rm -R /Library/Managed Preferences/
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Removed cached MCX files."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove cached MCX files."
echo " - Is the path /Library/Managed Preferences valid?"
fi
sleep 1
echo ""
echo "Pulling down new global management policies"
/usr/sbin/jamf mcx -verbose
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully pulled down new global management policies"
## if command was unsuccessful, output error message
else
echo "NOTICE - Pull down new global management policies from the JSS"
echo " - Is the computer managed?"
fi
sleep 1
echo ""
echo "Pulling down new user specific management policies for $CurrentUser"
/usr/sbin/jamf mcx –username $CurrentUser -verbose
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully pulled down new user specific management policies for $CurrentUser"
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to pull down new user specific management policies for $CurrentUser"
echo " - Is the computer managed?"
fi
sleep 1Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.