What is the best way to lock the dock so that no one can make changes to it. In the past we have used parental controls but this takes forever on 100 machines. I tried just doing it on one machine and sending the plist out.. same thing. Any ideas? Thanks!
Page 1 / 1
You can use workgroup manager to lock docks, one of the many advantages of a mac OD setup
Criss
I should clarify, we don't use OD and can't use manage preferences.
Open Directory is the way to go. Workgroup Manager makes it VERY easy.
Steve
--
Steven Diver, Network Manager
Adlai E. Stevenson High School / www.d125.org
Email: sdiver at d125.org / Phone: 847.415.4304
"Be not simply good, be good for something."
-Henry David Thoreau (1817-1862)
or if you dont have an od setup you could run wgm on the local clients and just import mcx settings for the dock for the specific user account.
jorge
You can do it using Open Directory or Casper Managed Preferences.
In Casper create a Managed Preference. Create Setting from Template >
com.apple.dock and do "Changes Disabled"
You want the contents-immutable key changed to true.
I need to do this without OD
Without Casper Managed Prefs as we have that turned off right now.
I need to do this via Casper.
Is this an impossible task?
If the "locked" dock is for a specific local user "student" could she create a User Environment package for that user that has the dock.plist and then set a login or logout policy for those computers to apply that package on an ongoing basis. Cache for offline use, too?
If you are not using Open Directory I don't think theres any downside to
turning on Casper Managed Preferences.
You could probably use plist buddy to modify the contents-immutable key in
com.apple.dock to True and run it on login, but that seems like a lot more
work.
create a server admin tools package and deploy that.
on one machine configure your dock settings via wgm and then in terminal export the mcx settings:
sudo /usr/bin/dscl . -mcxexport /Users/"account name here' > ~/Desktop/ mcx.txt
package up this mcx file and deploy it to the machines.
run this script via casper to import the mcx settings:
#!/bin/sh
/usr/bin/dscl . -mcximport /Users/"account name here" /path/to/mcx.txt
rm -f /mcx.txt
jorge
Can you change the owner on com.apple.dock.plist so that it can't be modified?
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
We set up templates for the student user accounts that are cached
locally on the computer and upon each reboot a policy that is available
off line replaces the potentially changed student prefs such as dock
with the good cached and hidden template. Let me know if you want more
info on this.
The advantage for us was that I also created an applescript application
that allows our building level technical contacts to create the template
on their own and disperse it via ARD, the only help they need from us is
that we have to put the computers in the scope of the policy.
-Dusty-
Dustin Dorey
Technology Support Cluster Specialist
Independant School District 196
Rosemount-Apple Valley-Eagan Public Schools
dustin.dorey at district196.org
651|423|7971
what about self healing??
eric winkelhake
mundocomww
office 312 220 1669
cell 312 504 5155
How about using deep freeze?
Date: Wed, 5 Aug 2009 12:36:11 -0500
Take 20 minutes to explore Managed Preferences in the JSS. Turning it on
does nothing until you actually assign (scope) computers or computer groups
to it. Assign one machine to it for testing.
All machines phone home at login unless they cannot connect to the JSS for
some reason. The new settings will be applied then.
Very simple and very quick to set up. An elegant solution.
--
bill
William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492
Just to chime in yet another way...
Self healing log in hooks done by casper policy, and capture the dock with composer and make it a package. It will get deployed at every log in.
This is how we have done it (though we'll move to managed preferences in Casper this year). We have the Dock and environment packages apply at startup. So, a kid can mess with anything and if they do, restart the computer. Check the box to make available off-line and then it's just there on the machine from then on. It will make startup a tad slower, but we do it there so as kids log in and out there isn't the delay, only reboot if something is messed up.
Thanks,
John
--
John Wetter
Technology Support Administrator
Educational Technology, Media & Information Services
Hopkins Public Schools
952-988-5373
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.