How about

jamf mcx

the problem with mcx settings is that you want to do this before the user logs in. Or run this and log them out.

My goal is to refresh MCX settings from Workgroup Manager on an OD server. I can successfully run mcxrefresh -n username from ARD or from a terminal without logging the user out. Doing it takes care of homesync issues and other permission settings like restricted applications.
I am not sure what jamf mcx is trying to do. Can you provide some explanation?

Sorry I assumed that you are using MCX settings from your JSS and not from OD.

If you are using MCX from your JSS

sudo jamf mcx

will refresh MCX settings that are applied via the JSS.

Gotcha. I have not made the leap to using Casper for MCX control yet. Maybe this on more argument to make the change.

Have you just though of running a script at logout that would delete the MCX settings locally then on login they would be refreshed by default.

I not 100% sure but MCX settings are applied at login and refreshing them when someone logs in doesn't apply those settings till they have logged out and in again.

Your problem is the Casper $3 variable. That ONLY works for policies using the login (or logout I think) trigger.

I use this line as a variable to determine who is currently logged in.
currentuser=/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName
It is 99% accurate. It can get confused if someone logs in via fast user switching.

Here is what you do...
Create a policy to run this script.
Triggered By: every15
Execution Frequency: Whatever you need.

Of course test this for your environment before going live.

#!/bin/sh

####################################################################################################

#

# ABOUT THIS PROGRAM

#

# NAME

#   GetMCXForCurrentUser.sh

#

#   Get the Casper Managed Prefs (MCX) for the currently logged in user.

#

####################################################################################################

#

# HISTORY

#

#   Version: 1.0

#

#   - Created by Eric Benfer on January 24th, 2012

# 

####################################################################################################

#

# DEFINE VARIABLES & READ IN PARAMETERS

#

####################################################################################################





# HARDCODED VALUES ARE SET HERE

mountPoint=$1

computerName=$2

username=$3

currentuser=`/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName`



/bin/echo "currentuser is $currentuser"



####################################################################################################

# 

# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE

#

####################################################################################################





### Typical Functions you can call on. ###



#

### Ensure we are running this script as root ###

rootcheck () {

if [ "`/usr/bin/whoami`" != "root" ] ; then

  echo "script must be run as root"

  exit 0

fi

}

#################################################

#



rootcheck



# Use this line if you are using Caser to manage your MCX

#/usr/sbin/jamf mcx -username "$currentuser"



# Use this line If you are using Workgroup Manager and an OD server to manage your MCX

/usr/bin/mcxrefresh -n "$currentuser" 



exit 0;

This works like a charm! Thanks for the reply.

Just a little tip.

You can avoid the call to the external program whoami by doing something like this...

for sh:

rootcheck() {

    if [ ${EUID} -ne 0 ]; then

        echo "script must be run as root"

        exit 1

    fi

}

or bash:

rootcheck() {

    if [[ ${EUID} != 0 ]]; then

        echo "script must be run as root"

        exit 1

    fi

}

And you want a different exit code than 0 because that means there were no errors ;)