Question

MCX to block the security preferences?

  • November 23, 2010
  • 3 replies

ImAMacGuy

I want to block out changes from the Security --> FileVault preference
window. I tried using FSEventer to find which file is modified but
unfortunately my drive needs an additional 90gig of space to
enable/disable FV :-(. So it doesn't seem like FSEventer is capturing
the data I need. Does anybody have an MCX template, or can anybody point
me in the right direction to get one set up to block changes to it?

John Wojda

Lead System Engineer, DEI

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

3 replies

ImAMacGuy
  • Author
  • Esteemed Contributor
  • November 23, 2010

I came across the MCX "Require FileVault Mobile Homes", system level
enforced, and the key cachedaccounts.create.encrypt, Boolean, true. I
added to a test machine and imaged it. It didn't create the FV account
like I expected. I rebooted, "waited", logged out / in... no changes,
it never triggers FV to start. All it seemed to do was grey out the
option. I created the account as a mobile when I logged in since it's a
laptop...

Anybody had any experience with this MCX?

John Wojda


  • Honored Contributor
  • November 23, 2010

Ask and you shall receive. This is a screen shot from how I do it in
WGM. If you look, all this really is just a bunch of strings of enabled
system preferences. So anything off the list, is not enabled, and the
security pane is missing from this list. So, you would create the
com.apple.systempreferences property list.

A really powerful tool is the mcxset switch from the directory services
command line. If you look up a recent email on the list from Jared
Nichols he uses it to ensure a start up item and was able to add it via
command line and Casper.

One of these days I need to do some screen captures with Camtasia and
post them online; the MCX stuff is pretty easy if you use WGM and the
command line tools.

![external image link](attachments/34594618fd1d41a8bd38d4e8e5a83404)


  • Contributor
  • November 30, 2010

And this is how you do it in Casper, if you are managing MCX that way. You
explicitly allow certain panes instead of denying.

For example here is my "Student - Strict" setting for System Preferences:

<array>
  <string>com.apple.preference.desktopscreeneffect</string>
  <string>com.apple.preference.displays</string>
  <string>com.apple.preference.sound</string>
  <string>com.apple.Localization</string>
  <string>com.apple.preference.general</string>
</array>

The Description: block in the Casper Web Interface for this managed pref
tells you how to find the name of the string to go into the Array.

Ryan M. Manly
Glenbrook High Schools
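
Added example, not part of the thread and not Casper's or WGM's own code: a Python check that reads an exported MCX plist and reports whether the Security pane falls outside the enforced System Preferences allowlist described in the replies above. The key name EnabledPreferencePanes, the bundle ID com.apple.preference.security and the export layout are assumptions that do not appear in the thread; the sample plist is constructed from the "Student - Strict" list.

```python
import plistlib

SECURITY_PANE = "com.apple.preference.security"  # assumed bundle ID of the Security pane
# Constructed sample in the assumed MCX export layout; the key name
# EnabledPreferencePanes is an assumption, it does not appear in the thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>mcx_application_data</key>
  <dict>
    <key>com.apple.systempreferences</key>
    <dict>
      <key>Forced</key>
      <array>
        <dict>
          <key>mcx_preference_settings</key>
          <dict>
            <key>EnabledPreferencePanes</key>
            <array>
              <string>com.apple.preference.desktopscreeneffect</string>
              <string>com.apple.preference.displays</string>
              <string>com.apple.preference.sound</string>
              <string>com.apple.Localization</string>
              <string>com.apple.preference.general</string>
            </array>
          </dict>
        </dict>
      </array>
    </dict>
  </dict>
</dict>
</plist>"""

def enabled_panes(mcx_xml, domain="com.apple.systempreferences"):
    """Return the enforced pane allowlist as a set, or None if none is enforced."""
    data = plistlib.loads(mcx_xml)
    forced = data.get("mcx_application_data", {}).get(domain, {}).get("Forced", [])
    panes = None
    for entry in forced:
        settings = entry.get("mcx_preference_settings", {})
        if "EnabledPreferencePanes" in settings:
            panes = (panes or set()) | set(settings["EnabledPreferencePanes"])
    return panes

def pane_blocked(mcx_xml, pane=SECURITY_PANE):
    """A pane is blocked only when an allowlist is enforced and omits it."""
    panes = enabled_panes(mcx_xml)
    return panes is not None and pane not in panes
```

A record with no enforced allowlist returns False from pane_blocked, which is the case to watch for: the Security pane stays reachable until the allowlist is actually applied at the enforced level.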