Posted on 10-28-2011 01:53 PM
It is possible to create an acceptable use policy by creating a PolicyBanner.txt with graphics and placing it in /Library/Security.
When a user logs in before the login window the user has to click on the Accept button.
Apple seems to have over looked the fact that if you use mcx in your environemt to manage the com.apple.loginwindow.plist with key Loginwindowtext xxxxx the policy banner will never display your AUP and keep showing the loginwindowtext.
I have tried to get working both the AUP and login window text to no avail as both are separate required information.
I have looked at jss profile manager for 10.7 and cannot see a place to put the AUP.
Also seems the AUP is stopping the login window screen saver from activating which is essential to prevent screen burn ins.
Has any one else found out the same or got this working with both the login window text and AUP.
Posted on 10-28-2011 02:31 PM
This may be a dumb question, but why are you trying to manage both on 10.7? Why not set up your MCX to manage this on your 10.4 - 10.6.x Macs, and use AUP on your 10.7 Macs?
Posted on 10-28-2011 02:46 PM
Because I use WGM with specified computer groups with tonnes of manually added plist and to change the computer groups in WGM to OS dependant groups just to get AUP working for 10.7 is a major tasks.
Also a login window message is different from a AUP. Eg This computer is property of .... etc
Where as an AUP is an acceptable use policy all user must agree to comply with ITIL.
There is also some legal history why a login text is required. I can't remember exactly but it stemmed from some young guys hacking university computers many years ago. The university could not pursue legal action or something along those lines and that's why you see all computers having it today.
Appreciate others will use JSS for MCX but I'm not prepared to put all eggs in one basket. If there is a problem with my JSS then my most essential Mac management is screwed.
Posted on 10-31-2011 06:16 AM
You might consider moving your loginwindowtext / AUP policy into Casper's policies and out of WGM. That would let you use smart groups to apply loginwindowtext to pre-10.7 and AUP 10.7+ systems.
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>