Posted on 01-08-2014 02:59 PM
I was curious how some other educational environments are handling managed preferences in Mavericks. I've been experimenting with Configuration Profiles, WGM-MCX, modifying the user template, login policies, launch agents, etc. I imagine most admins probably use a collection of these.
I found that some Managed Preferences don't use plist anymore in Mavericks, for example something simple like changing the wallpaper for accounts doesn't work with WGM-MCX managed preferences anymore in 10.9. This is because 10.9 ignores any values in ~/Library/Preferences/ (even though WGM-MCX correctly applies this preferences) and instead 10.9 will read the desktop picture preferences from ~/Application Support/Dock/desktoppicture.db. This is a SQLite db file that stores the desktop picture. Here is a really good article that explains how the desktop picture preference works in 10.9 There doesn't appear to be a way to manage that preference in Mavericks with MCX. I imagine there are a lot more preferences like this.
If you are using Configuration Profiles, do you find that they are ever inconsistent? Do they always apply at the first login in Mavericks?
Any insight would be very helpful! Thank you!
Posted on 01-09-2014 06:24 AM
We are a fairly large K12 and we still use OD (Workgroup Manager) to manage many settings, along with modifying the user templates, login policies, etc. So far what I've found with Mavericks is the desktop picture change, which you mentioned, and I haven't found a good way to "manage" it. At this time, I'm just replacing the default picture with our own and letting everyone have the ability to change it. That's fine for individual users but our K-5 students log in with a generic shared account, so it's not ideal for that account. For this account and other generic shared accounts, another problem is when a student opens a bunch of applications and then logs out, so that they open again for the next student at login. For 10.7 and 10.8 we ran a logout command that removed the user's byhost file and that worked fine. That doesn't appear to work in 10.9 unless the machine is rebooted. It's almost like it caches it to memory or something.
We need to migrate off of OD and we need to change our preference management approach at some point soon. I would cause a minor earthquake if I suggested that we have all of our K-5 students login with their own accounts rather than the easy to use and modify generic account, but we may have to go there.