Desktop Authority is a similar toolkit on the Windows platform to what JAMF does, and I was just shown a very cool feature. When assigning policies to a particular setting you can set IF / BUT NOT etc in a rather boolean way to exclude an individual from a managed preference profile.
On JAMF the same thing could be done by creating separate groups for "yes allow this preference" or "do not allow this preference" for each for each policy or preference, but that doesn't scale very well. This is similar to the limitations in relying on POSIX permissions on a big scale, and why ACLs are superior for allowing granular exclusions to general settings.
Or, I could set a separate MCX profile where that setting is set to "not managed" as an exclusion, but that strips off the logic into multiple policies. It could be confusing to hunt down odd eccentricities in a pinch.
Could a similar exclusion list be available to the generic MCX profile creation page?
Thanks!
- D
