Jamf Nation Community

mcrispin · ‎05-17-2011

I needed to be able to force lab machines to use external devices only for their mobile homes, (aka: external accounts).. problem is, the key values in com.apple.MCX that control this behavior aren't part of any template or Manifest Destiny project. So -- OK.. I go to my OD MCX and extrapolate the com.apple.MCX of a testing account. I import the values that are different... but inexplicably -- why is it that Casper forces all preferences I import to be User Level at each login only.. and not allow me to change this?

I had to manually recreate each key by hand, which while not the most labor intensive thing - was still kinda a pain... because I need this setting to be both System and User forced. Now it works, but that was kinda painful way to go about things.

....or (as I am hoping...) am I doing something wrong, or is there an easier way to get what I want?

Michael Crispin
Duke University

tlarkin · ‎05-18-2011

Yes, it should in theory. You just need to run WGM on a machine locally (no connection to OD servers required) and create a guest computer record on the local berkley database. Then use a simple script via post imaging, or user triggered policy to use the mcx import functions of the dscl command line. Then just toss your MCX file on the casper share, that way you can tell the script the full path where to grab the MCX records from.

http://managingosx.wordpress.com/2008/02/07/mcx-dslocal-and-leopard/

http://managingosx.wordpress.com/2010/03/12/yet-again-with-the-local-mcx/

Also search www.afp548.com for some articles as well. Then this is from the dscl man page (note I am on a 10.5 machines now so if you are on 10.6 it may differ):

MCX Extensions: -mcxread <record path> [optArgs] [<appDomain> [<keyName>]] -mcxset <record path> [optArgs] <appDomain> <keyName> [<mcxDomain> [<keyValue>]] -mcxedit <record path> [optArgs] <appDomain> <keyPath> [<keyValue>] -mcxdelete <record path> [optArgs] [<appDomain> [<keyName>]] -mcxexport <record path> [optArgs] [<appDomain> [<keyName>]] -mcximport <record path> [optArgs] <file path> -mcxhelp

tlarkin · ‎05-18-2011

Mike-

Have you looked at using the dscl command line to export/import Computer MCX records? If you use WGM and make a guest computer entry and manage your preferences that way, it should be machine level. Which in return should be applied to all users regardless of even their group or user preferences. I don't really use local MCX because of my OD infrastructure here, but it should work in the same manner of making computer level policy instead of user/group at the local level.

Maybe worth a shot?

Thanks, Tom

mcrispin · ‎05-18-2011

Thanks Tom -

My goal is to be only Casper MCX, and not the OD MCX. My frustration is because while I can nab the plists I want from the managed preferences folder and import them into Casper, Casper by default forces these to be user level only. If I want to take the materials of a system level preference, I need to manually enter them in to the JSS.

Would your suggestion get around this somehow (straight importation of machine level controls)?

Mike

mcrispin · ‎05-24-2011

Far. Out. Thanks Tom!

MIchael Crispin
Duke University

Jamf Nation Community

Importing Preferences - Why Force User Level Only?