Migrating OD to Casper Managed Prefs

cbrewer
Valued Contributor II

I'm starting to look into the process of migrating Open Directory over to Casper's Managed Preferences. When the Managed Preferences feature first came out, I remember that it broke my OD MCX settings on the client when it was turned on. Thus, I've had it turned off since then. Is there a way I can have both going at the same time while I test and migrate?

12 REPLIES

lisacherie
Contributor II

I am in the same boat.

I didn't want to enable the MCX through the JSS as the clients are still using OD MCX. Have been testing with the following:

- client not scoped to any OD MCX

- client scoped to Casper MCX

- startup policy with the following scoped to the client: /usr/sbin/jamf mcx

- login policy with the following scoped to the client: /usr/sbin/jamf mcx -username $3

If anyone knows a better way to test this, please share as I'm not sure how good this method is.

cbrewer
Valued Contributor II

After talking to JAMF support about this, I turned on Managed Preferences. I'm now running both and it seems to be working okay. The issue of Casper managed preferences breaking Open Directory settings seems to have been resolved.

lisacherie
Contributor II

Did they say which would take precedence if there was a conflicting preference? Or would you have to be careful and make sure the computer is only scoped to MCX in one (i.e., Casper OR Open Directory)?

tlarkin
Honored Contributor

If you are able to do this at the time of migrating from OD to Casper MCX, you could just wipe the MCX records and then allow JAMF's framework to apply the new ones.

So an example would be (may not apply to 10.7):

#!/bin/bash

# remove MCX settings
/bin/rm -rf /Library/ManagedPreferences/*

# delete any computer records
/usr/bin/dscl . delete /Computers

exit 0

This will remove all MCX records, then at next start up or log in when Casper applies its MCX settings there should be no conflict. One obvious caveat is that if you remove those files and MCX doesn't get applied for whatever reason, then the machine is no longer managed.

-Tom
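
An added example, not part of Tom's post: one way to guard against the caveat above is to snapshot the MCX cache before wiping it and to check afterwards that settings actually came back. The function names and BACKUP_ROOT are assumptions; MCX_DIR defaults to the path as written in the post and should be set to the cache location on your OS version.

```shell
#!/bin/bash
# Added example, not from the thread. MCX_DIR defaults to the path as written
# in the post; BACKUP_ROOT is an assumed location. Override both as needed.
MCX_DIR="${MCX_DIR:-/Library/ManagedPreferences}"
BACKUP_ROOT="${BACKUP_ROOT:-/var/root/mcx-backups}"

# Number of preference files currently in the MCX cache (0 if it is missing).
mcx_count() {
    [ -d "$MCX_DIR" ] || { echo 0; return 0; }
    find "$MCX_DIR" -type f -name '*.plist' | wc -l | tr -d ' '
}

# Archive the cache and print the archive path.
mcx_backup() {
    mkdir -p "$BACKUP_ROOT" || return 1
    archive="$BACKUP_ROOT/mcx-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$(dirname "$MCX_DIR")" "$(basename "$MCX_DIR")" || return 1
    echo "$archive"
}

# Wipe the cache only after a successful backup; print the archive path.
mcx_wipe() {
    archive=$(mcx_backup) || { echo "backup failed, not wiping" >&2; return 1; }
    # ${MCX_DIR:?} aborts on an empty variable, so this never expands to "/*".
    rm -rf "${MCX_DIR:?}"/*
    echo "$archive"
}

# Run after Casper has re-applied settings: fails if the cache is still empty.
mcx_verify() {
    n=$(mcx_count)
    if [ "$n" -gt 0 ]; then
        echo "managed: $n preference file(s) in $MCX_DIR"
    else
        echo "UNMANAGED: no preference files in $MCX_DIR" >&2
        return 1
    fi
}

# Put the snapshot back if verification failed.
mcx_restore() {
    tar -xzf "$1" -C "$(dirname "$MCX_DIR")"
}
```

Call mcx_wipe, let the startup or login policy run jamf mcx, then call mcx_verify and fall back to mcx_restore with the printed archive path if it fails. The snapshot covers only the preference files, not the local computer records the post also deletes.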

lschafroth
New Contributor

I would like to move away from OD and WGM completely. I have a 2008 R2 server as an AD. I have tested a Lion client with home syncing and it works, sort of. Permissions are out of whack on the home folder. Desktop, Documents, etc. are created as hidden for some reason.

Anyway, can anyone help me with a guideline on how to get the MCX settings I enjoy in WGM over to the Casper server? Is there a way to do a small test on only my test machines with casper/ad/lion?

Lannie

PS Do I even need to extend the AD Schema if I won't be doing the triangle or WGM?

mm2270
Legendary Contributor III

Lannie, no need for schema extension or other modifications if you don't plan on using WGM in your setup. Casper's MCX can apply settings to managed systems without any of that in place, because it applies them to the local domain on the clients.

As for how to go about testing it, enable Managed Preferences in your Casper framework (if it isn't already on), then go to Management > Managed Preferences in your JSS and create a Managed Preference Profile, call it something like "Testing". Then in the same section you were in, click on Create Managed Preference. Start adding in any MCX settings you'd like to start your testing with, making sure to adjust settings for each one, if needed. As you add them in, click on the "Profiles" tab and be sure to check the box next to the profile you created earlier. Save and repeat.
Once you've got a good sampling together, start adding some individual Macs into the Scope tab of the "Testing" Managed Preference Profile. Doing so will ensure that those Macs will start getting the prefs applied next time they log in. You can also force the settings to apply by doing a 'sudo jamf mcx' and 'sudo jamf mcx -username <username>' (the first applies to Computer level, the second applies to User level).

As for how to migrate settings over from WGM into Casper, I'm not sure that's really possible, since the structure is different in how they get created in Casper. Unless someone knows of some special tricks here, i.e., xml export/conversion, etc, I think you will need to recreate them. As they don't always match up in how they are labeled in each system, it may take a little time and experimentation. But, I would check in with your JAMF account manager before listening to me.

lschafroth
New Contributor

Thanks for the info. I don't have the slightest idea how to create a Managed Preference. What I meant about bringing existing ones in, is there a way to find plist files for settings and import them into Casper or do I have to build them from scratch?

Are there any samples anywhere or documents that show all the different settings that can be created? I'm pretty green at this and have no idea where to start.

Lannie

curullij
Contributor

Hi Lannie,

There are some templates built into Casper that you can work from. What sort of things do you want to manage? If you can list some examples I can try and point you in the right direction.

Cheers
Jacob

lschafroth
New Contributor

I found the templates. I set several of them and assigned them to a single computer. So far I don't see anything taking effect. I did turn on managed preferences at the computer and user level in settings.

I will wait the 15 minutes for the computer to contact the JSS and see if they take effect after that.

I would like to restrict all of the system preferences (grayed out) except for a few I want allowed. Mouse, sounds etc.

I want a message at the login screen stating the AUP policy.

Lannie

lschafroth
New Contributor

It works! I forgot that I was using my test Windows 2008 server and the Lion client was using the DNS server on the Windows server. It was not able to resolve the JSS server URL.

I changed the DNS entry on the Windows server for JSS. Ran JAMF MCX and bam! Everything I set works.

Now I have to figure out how to do it for the domain users and not for real local admin accounts.

lschafroth
New Contributor

I changed the management from computer managed to user managed. It is still managed system wide. Do I have to do a refresh or something to get it to work per user instead of per computer?

lschafroth
New Contributor

I turned off the management policy I created. Did a jamf manage. Tried a jamf mcx. It now has all the preferences I enforced even with the policy turned off.

How do you flush the policy you created and enforce the new settings?

Lannie