Feedback please on MCX, Lion Profiles, OD vs JSS

tanderson
Contributor

We're finally going to be moving to Lion over the next several months and will have a big batch of Lion systems coming on campus in early August. Historically, we've done MCX with OD and all at the computer/computer group level.

With Configuration Profiles in Lion, I'm considering making the switch to using Profiles through the JSS. It looks like they'll provide most of what we're doing now with MCX. I do have some questions.

- Any issues using MCX (for things like app settings) and Profiles in tandem or is it a pick one and stick with it situation?
- Or instead of MCX is the proper method uploading the app settings plist files into a profile?

What are you guys doing with your Lion systems? If you're using the JSS for Profiles and MCX is that working well for you?

Thanks in advance.

Tom

2 REPLIES 2

tmalo627
New Contributor

I was advised by Apple engineers that they recommend to use Configuration Profiles if you have only Lion clients. If you have a mixed environment, you should do all of your management with MCX. That way all of your management is coming from one place. You won't have to worry about possibly conflicting policies.

imperatives
New Contributor III

We are in the process of moving all of our mac labs from Open Directory MCX management to Configuration Profiles using the JSS. I would recommend creating some test Profiles, taking note of the differences between the Computer and User settings. There are some essential Active Directory user account settings that are only available in the User side of Profiles. I had initially created some MCX policies for Office 2011, Safari, Finder, Desktop, and the Dock after I didn't see the necessary setting in the Profiles section. However, I was able to successfully convert and deploy some .plists and add them to the Custom Profile section. To get them to apply properly I had to remove the unnecessary state information (e.g. never, once, always) from the files. You should be able to replicate any Managed Client Preference as a custom Configuration Profile. After some fiddling around the profiles seem to be working well now.

In the absence of documented best practices I started to structure our configuration policies similarly to Active Directory Group Policies. I created a basic set of User and Computer profiles since they cannot be combined and then created separate profiles for each customized setting that I created. If anyone has info on Configuration Profile best practices using Jamf it would be greatly appreciated. Good luck!