- Jamf Nation Community
- Products
- Jamf Pro
- Parental Control MCX and AD Accounts
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Parental Control MCX and AD Accounts
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 12:04 PM
Has anyone managed to get any kind of parental control settings working with AD accounts? I've had plenty of success with local accounts but none with AD based accounts.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 12:23 PM
we currently manage our lab and public machines with mcx. the users are all logging in with ad acounts. we create a group in workgroup manager which we apply the mcx to. then we add domain users to that group to get the settings to apply.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 12:40 PM
Ah.
I don't have Workgroup Manager anymore. Only tools i've got is with Casper 8.71 and whatever I can script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 01:08 PM
sorry about that. we use dsconfig to create the group and add the ad users. we then use dscl to import mcx for the group all scripted. we originally started with workgroup manager to get the idea on what it was doing and how to mimic it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 02:37 PM
So what i've tried is the following:
1) I've exported out a "kiosk.plist" from a properly set up user account.
2) Imported plist into Casper managed preferences, set scope to a specific ad group. MCX doesn't apply properly.
3) Set up a script to execute "dscl . -mcximport /Users/kiosk /Volumes/CasperShare/Scripts/kiosk.plist". Same results as no.2 or nothing.
4) To confirm, I made sure the network account exists before setting up parental controls manually. Again, no joy.
So I try with a local account instead. Works every time. Hrm.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-24-2013 03:46 PM
this is the script we use to get the groups set up and the mcx applied to the groups. we do something similar where we export the mcx settings as a plist and import it to the machine:
#!/bin/sh
#flush previous mcx settings
dscl . -delete /Users/LOCALMANAGEDUSER dsAttrTypeStandard:MCXSettings
dscl . -delete /Groups/GROUPNAME dsAttrTypeStandard:MCXSettings
#import nyuguest mcx settings
/usr/bin/dscl . -mcximport /Users/LOCALMANAGEDUSER /YOURMCX.plist
rm -f /YOURMCX.plist
#create ad users group
dscl . -create /Groups/GROUPNAMEHERE
dscl . -create /Groups/GROUPNAMEHERE name GROUPNAMEHERE
dscl . -create /Groups/GROUPNAMEHERE gid 1025
#import ad users mcx settings
/usr/bin/dscl . -mcximport /Groups/GROUPNAMEHERE /YOURMCX.plist
rm -f /YOURMCX.plist
#add Domain Users to group
dseditgroup -o edit -a "Domain Users" -t group -i 209991574 GROUPNAMEHERE
this creates a group with dscl and then applies mcx to the group. in the last set we add all domain users to the group so mcx setting are applied to them when they log in. we also have a managed account for guests which is where the first part of the script comes in to play.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-25-2013 08:41 AM
I'm trying to do this via Casper managed preferences and AD grouping as it's part of our various internal and external networking agreements. (Very long story). Sounds like trying to apply this on logon may be impossible or near impractical
EDIT: Turns out i'm wrong and I just needed to rework most of my MCX prefs.
