I have a MCX that disables the user from using the security, sharing, and users and group system prefrences pane. It works great and they see it grayed out. What I want to do is create a troubleshooting document for our techs if they need to troubleshoot something. I read somewhere that you can disable MCX if you are logged in as an admin. Can someone provide information on how to do it? I read that you have to hold down the option key, but not sure at what point you need to do that (login?).
Question
Disable MCX for admin user
+16+14Login policy scoped to All Computers limited to specific tech local account sudo rm -rf /Library/Managed Preferences/TechAccountName
works well for us
+16Awesome...works great!
+5Or...you could just modify their MCX or Profile settings to allow this explicitly:
Under either Management Style, check for Login Window-> Options
"Computer administrators may refresh or disable management"
...if a local admin logs in, it will prompt them to either lift restrictions temporarily (for that session), allow them for the session, or refresh them (if MCX)
I am interested in how this setting works. "Computer administrators may refresh or disable management" I use profile manager to manage some systems and I force the start screen saver after 5 minutes setting. However i would like to change this locally on the machines and override this. If I enable the "Computer administrators may refresh or disable management" can I log in to the machine as admin and change the screen saver setting to say 15 minutes and then make the change stick on the machine. I would like to still have the machine using profile manager with its current settings, I just would like to override just a few machine in my network to have a different screen saver setting then all the others without making multiple profiles.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.