Here is what I want to do: I would like to make it such that the root user on all managed computers has the AppleShowAllFiles set to 'yes'. I can think of only one way to do this but it seems very, very inefficient:
I have created a script to see who is logging in. If the logged in user is root, I issue the command 'Defaults write com.apple.finder AppleShowAllFiles yes'. Then, I created a policy to run this script which is triggered at login, and is set to 'ongoing' in frequency.
The problem of setting it to 'Once per computer' in frequency is that if it is not the root user who logs in first, then the setting will never get set because the script will never run again. But the problem with running the script at every login is that 99% of the time it will not be the root user logging in, but rather a student or a teacher, and that seems highly inefficient to me.
It seems like I should be able to set the scope to all computers and specific users, but oddly, the option to add local/LDAP users to the scope is missing so this doesn't seem like an option although I must say it would have been the most elegant solution I could think of. Is there a good reason this is missing from the scope options? Or is this a feature that has not been implemented yet?
So what is the best way to configure the policy so that the root is guaranteed to have that setting set, and it is not run at every singe login?
EDIT: I don't know why I didn't think of selecting 'Once per user per computer'. That makes it less inefficient :) . But if there is a better way to do it, please chime in!