Jamf Nation Community

roiegat · ‎11-30-2012

I have a MCX that disables the user from using the security, sharing, and users and group system prefrences pane. It works great and they see it grayed out. What I want to do is create a troubleshooting document for our techs if they need to troubleshoot something. I read somewhere that you can disable MCX if you are logged in as an admin. Can someone provide information on how to do it? I read that you have to hold down the option key, but not sure at what point you need to do that (login?).

AndyBeaver · ‎11-30-2012

Login policy scoped to All Computers limited to specific tech local account sudo rm -rf /Library/Managed Preferences/TechAccountName

works well for us

roiegat · ‎11-30-2012

Awesome...works great!

tkimpton · ‎11-30-2012

Great idea :)

kalikkalik · ‎12-02-2012

Or...you could just modify their MCX or Profile settings to allow this explicitly:

Under either Management Style, check for Login Window-> Options
"Computer administrators may refresh or disable management"

...if a local admin logs in, it will prompt them to either lift restrictions temporarily (for that session), allow them for the session, or refresh them (if MCX)

tseckman · ‎08-29-2014

I am interested in how this setting works. "Computer administrators may refresh or disable management" I use profile manager to manage some systems and I force the start screen saver after 5 minutes setting. However i would like to change this locally on the machines and override this. If I enable the "Computer administrators may refresh or disable management" can I log in to the machine as admin and change the screen saver setting to say 15 minutes and then make the change stick on the machine. I would like to still have the machine using profile manager with its current settings, I just would like to override just a few machine in my network to have a different screen saver setting then all the others without making multiple profiles.

Jamf Nation Community

Disable MCX for admin user