Posted on 10-28-2012 07:49 PM
Ran into a problem when I tried adding some MCX profiles that were created to be used with 10.6 on a test Mountain Lion machine. The profiles work correctly but when I remove the machine from the MCX profile, the settings keep reappearing in /Library/Managed Preferences, and even if I delete the files manually they reappear after a reboot seemingly without even checking in with the JSS. Is there something that I'm missing or should I recreate as much of the functionality as I can with the Profile Manager method?
Posted on 10-28-2012 08:32 PM
Craig, you may want to have a look at this Kbase article. https://jamfnation.jamfsoftware.com/article.html?id=144
Posted on 10-28-2012 10:17 PM
Thanks for the tip Jason, I figured it was something ridiculously simple. The -mcxdelete command took care of getting rid of those settings, still not sure what caused it to stick like that though.
Posted on 10-29-2012 07:27 AM
It feels like directory services takes the mcx commands as input, and caches the end result as a managed user experience. Sometimes, deleting the mcx files doesn't seem to make any change, but adding a different mcx plist will.
I occasionally set scripts with -mcxdelete flags at both user and computer level, then jamf commands to pull down new mcx. This seems to do the trick pretty well.
Posted on 10-29-2012 01:47 PM
Ok thanks, that's a really good idea, I'll have to do that.
Posted on 10-29-2012 02:03 PM
Here is my script I run when troubleshooting MCX from the Casper Suite. It has a verbose shell so everything (and I mean EVERYTHING) is visible in the policy logs.
If anybody else feels like adding/modifying/correcting, please comment back to this thread. :)
#!/bin/bash -v
exec 2>&1
# Written by Douglas Worley
# v2.0 on June 1 2012
# Verify that the user is running this script with Super User credentials.
[ "$EUID" != 0 ] && echo "This script requires root privileges, please run \"sudo $0\"" && exit 1
# determine current user
CurrentUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
# To remove User-Level MCX Settings:
dscl . -mcxdelete "/Users/$CurrentUser"
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully removed user-level MCX Settings for $CurrentUser."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove user-level MCX Settings for $CurrentUser."
echo " - Is the computer managed?"
fi
sleep 1
echo ""
# To remove System-Level MCX Settings:
dscl . -mcxdelete /Computers/localhost
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Removed system-level MCX Settings."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove system-level MCX Settings."
echo " - Is the computer managed?"
fi
sleep 1
echo ""
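# nuke the files (the path contains a space, so it must be quoted;
# unquoted, rm would target "/Library/Managed" and "Preferences/" instead)
rm -R "/Library/Managed Preferences/"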
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Removed cached MCX files."
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to remove cached MCX files."
echo " - Is the path /Library/Managed Preferences valid?"
fi
sleep 1
echo ""
echo "Pulling down new global management policies"
/usr/sbin/jamf mcx -verbose
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully pulled down new global management policies"
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to pull down new global management policies from the JSS"
echo " - Is the computer managed?"
fi
sleep 1
echo ""
echo "Pulling down new user specific management policies for $CurrentUser"
/usr/sbin/jamf mcx -username "$CurrentUser" -verbose
## if command was successful, output success
if [ "$?" = "0" ]
then
echo "Successfully pulled down new user specific management policies for $CurrentUser"
## if command was unsuccessful, output error message
else
echo "NOTICE - Unable to pull down new user specific management policies for $CurrentUser"
echo " - Is the computer managed?"
fi
sleep 1
Posted on 10-29-2012 02:08 PM
Well this will save me some time for sure, thanks for posting!