Jamf Nation Community

acdesigntech · ‎10-11-2012

HI all,

I am experimenting with a number of MCX's in 10.8 (yeah yeah, use config profiles. I'm using MCX for some things, deal). I've made several changes to a few MCXs, the screen saver lock MCX we have, for example. Originally I had it set as this:

com.apple.screensaver
    askForPassword                             acaldwell (User)         always  1
    askForPasswordDelay                        acaldwell (User)         often   0
    idleTime                                   acaldwell (User)         often   1200

I later changed it to read:

com.apple.screensaver
    askForPassword                             acaldwell (User)         always  1
    askForPasswordDelay                        acaldwell (User)         often   0
    idleTime                                   acaldwell (User)         always  600

But for whatever reason I cannot get the Mac to refresh it's MCX settings. I've used jamf mcx -user acaldwell about a hundred times, rebooted, reset PRAM, deleted the contents of the /ManagedPreferences folder, delete acaldwell's com.apple.MCX.plist, etc. Nothing seems to work.

I also had been managing preference panes via MCX but did switch that to config profiles once I was pointed in the right direction on how to add my own panes. However that MCX still shows up in an mcxquery -computerOnly even though I've long since marked it as "Enabled: No" in the JSS; oddly enough it does show the idleTime localhost (Computer) always 600 change though.

Viewing the pref pane for screen saver it shopws "Start After: 20", so it's not taking effect.

acaldwell is a network user account with a local homefolder. If I log in with a local user account, mcxquery reveals that these changes are taking place (though the MCX that manages pref panes is till there), but the pref pane still says 20 minutes.

JSS is 8.6, OS is 10.8.2

jarednichols · ‎10-11-2012

sudo dscl . -delete /Computers/localhost
sudo rm -rf /Library/Managed Preferences

give her a reboot and then

sudo jamf mcx

for good measure.

View solution in original post

jarednichols · ‎10-11-2012

sudo dscl . -delete /Computers/localhost
sudo rm -rf /Library/Managed Preferences

give her a reboot and then

sudo jamf mcx

for good measure.

acdesigntech · ‎10-12-2012

Thanks jared, that worked!

question, will I have to issue that every time, or was this a case of corruption or some such other uncommonness?

matthew-c · ‎10-15-2012

It's an unfortunate quirk of MCX i'm afraid. I wrote the script below to deal with a very similar problem where our mass storage device lockdown policy wouldn't be removed when the user no longer had it applied to them. You can happily run it from Casper Remote or a policy if you need.

Also if you don't want to delete all of the local computer records swap

/usr/bin/dscl . delete /Computers

for

/usr/bin/dscl . delete /Computers/localhost

to match what was run in the above answer from Jared.

Cheers

Matt

#!/bin/sh

# set variables
userNames=`/usr/sbin/jamf listUsers | /usr/bin/grep <name> | /usr/bin/cut -d'<' -f 2 | /usr/bin/cut -d'>' -f 2`

# remove MCX settings

/bin/rm -rf /Library/Managed Preferences/*

# delete any computer records

/usr/bin/dscl . delete /Computers

# rebuild computer level mcx

/usr/sbin/jamf mcx

# rebuild user level mcx

for activeUserName in $userNames; do

    echo "Removing MCXFlags for user $activeUserName"
    /usr/bin/dscl . delete "/Users/$activeUserName" MCXFlags

    echo "Removing MCXSettings for user $activeUserName"
    /usr/bin/dscl . delete "/Users/$activeUserName" MCXSettings

    echo "Rebuilding MCX preferences for user $activeUserName"
    /usr/sbin/jamf mcx -username "$activeUserName"

done

exit 0

Jamf Nation Community

MCX refreshing oddities