Preferences imported as User Level only - No System Level Options

NateW
New Contributor III

I imported a Preference Plist under "Create Managed Preference" and I noticed that the only options available are for User Level. This preference itself is a System-level preference and needs to be set as such, so I was curious if there was a way to make it System-level.

I'd imagine that I can manually create this preference piece by piece, but that would be rather tedious long-term.

If there is no way to do this currently, I'd be happy to put a feature request in for it. I think it is rather important to be able to set an imported preference as System Level, especially for people such as myself moving from OD MCX over to Casper MCX.

Nate


tlarkin
Honored Contributor

It is possible but I think you need to create local computer records in directory services, because by default there is no local computer record.

NateW
New Contributor III

I don't understand why I'd need to do local computer records. When you go to create a preference manually, you can set it to computer at that time. When importing a preference plist (not a manifest), it would be nice if we could change it to system or user, whichever we feel like.

Obviously the app reading the plist needs to support the location, but that should be up to the admin to worry about.

tlarkin
Honored Contributor

MCX has several levels of application. Always > often > once. Always should apply at the computer level, often should apply to the group level, and once only applies once. I don't use local MCX, as we are an OD shop for now. However, some MCX settings can only be applied at the computer level and you need to have a computer record to apply it to that level, at least in Open Directory you do.

On my personal machine at work (not bound to OD) I can look at the local computer records in dscl:

dscl . read /Computers/localhost
AppleMetaNodeLocation: /Local/Default
ENetAddress: 00:26:4a:1a:f5:d4
GeneratedUID: 8818B8A3-39B2-4098-8B71-0A0B250C7ABB
HardwareUUID: 9BC004A8-EF3A-526B-BE45-529D4133F9CC
IPAddress: 127.0.0.1
RealName: localhost
RecordName: localhost
RecordType: dsRecTypeStandard:Computers

It is identified by the MAC address. That is the local computer record, and if my computer were in a computer group, I would point dscl to my LDAP server and get the MCX records from there. Now if I read the guest computer record (created in OD) on a student machine I get these results instead:

dsAttrTypeNative:preserved_attributes: dsAttrTypeStandard:AppleMetaNodeLocation dsAttrTypeStandard:CreationTimestamp dsAttrTypeStandard:ModificationTimestamp
AppleMetaNodeLocation: /Local/Default
CopyTimestamp: 2012-01-13T14:57:23Z
GeneratedUID: 76C24F87-E29F-4510-88F7-C2F784726AE1
MCXFlags:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>has_mcx_settings</key>
    <true/>
</dict>
</plist>

MCXSettings:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.systempreferences</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>com.apple.preferences.users</key>
                        <array>
                            <string>MultipleSessionEnabled</string>
                        </array>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.loginwindow</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AdminHostInfo</key>
                        <string>HostName</string>
                        <key>AdminMayDisableMCX</key>
                        <false/>
                        <key>DisableConsoleAccess</key>
                        <true/>
                        <key>EnableExternalAccounts</key>
                        <false/>
                        <key>HideAdminUsers</key>
                        <true/>
                        <key>HideLocalUsers</key>
                        <false/>
                        <key>HideMobileAccounts</key>
                        <false/>
                        <key>IncludeNetworkUser</key>
                        <false/>
                        <key>LoginwindowText</key>
                        <string>All staff, student and other users of the KCKPS network and Internet access must read and agree to the policies found below. Print out the appropriate form, fill it out and send it to the appropriate authority as indicated below.  You can download and read the AUP from this link:  http://www.kckps.org/tis/policies/  

Logging in to a KCK comptuer implies you agree to the AUP.</string>
                        <key>RestartDisabled</key>
                        <false/>
                        <key>RetriesUntilHint</key>
                        <integer>0</integer>
                        <key>SHOWFULLNAME</key>
                        <true/>
                        <key>SHOWOTHERUSERS_MANAGED</key>
                        <true/>
                        <key>ShutDownDisabled</key>
                        <false/>
                        <key>com.apple.login.mcx.DisableAutoLoginClient</key>
                        <true/>
                        <key>mcx_UseLoginWindowText</key>
                        <true/>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.scheduler</key>
        <dict>
            <key>Set-Once</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AbsoluteSchedule</key>
                        <dict>
                            <key>com.apple.SoftwareUpdate</key>
                            <dict>
                                <key>SUCheckSchedulerTag</key>
                                <dict>
                                    <key>Action</key>
                                    <dict>
                                        <key>process</key>
                                        <string>/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck</string>
                                        <key>type</key>
                                        <integer>0</integer>
                                    </dict>
                                    <key>Timer</key>
                                    <dict>
                                        <key>date</key>
                                        <date>2040-12-01T06:00:00Z</date>
                                        <key>repeatInterval</key>
                                        <real>604800</real>
                                    </dict>
                                </dict>
                            </dict>
                        </dict>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.SoftwareUpdate</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>autoEnable</key>
                        <false/>
                    </dict>
                </dict>
            </array>
            <key>Set-Once</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>WebKitDefaultFontSize</key>
                        <integer>11</integer>
                        <key>WebKitStandardFont</key>
                        <string>Lucida Grande</string>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.MCX</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>DisableGuestAccount</key>
                        <true/>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>.GlobalPreferences</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>MultipleSessionEnabled</key>
                        <false/>
                        <key>com.apple.autologout.AutoLogOutDelay</key>
                        <integer>0</integer>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

OriginalNodeName: /LDAPv3/xs106-a.kckps.org
PasswordPlus: ********
PrimaryGroupID: 150001
RealName: guest
RecordName: guest
RecordType: dsRecTypeStandard:Computers
SMBSID: S-1-5-21-3121775812-2738585135-1394705183-998

You can see the difference, and yes that is the MCX computer level record.
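
An added example, not part of the original post and not Casper or Apple code: a Python script that splits the concatenated plists of an MCXSettings attribute like the one above, lists every setting with its management key (Forced, Set-Once), and reports which entries of a baseline are not Forced. The sample input, the baseline and the function names are constructed for illustration.

```python
import plistlib
import re

# Constructed sample: two plists concatenated the way dscl prints MCXSettings,
# reusing preference keys that appear in the record above.
SAMPLE = """MCXSettings:
 <?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>mcx_application_data</key><dict>
<key>com.apple.MCX</key><dict><key>Forced</key><array><dict>
<key>mcx_preference_settings</key><dict>
<key>DisableGuestAccount</key><true/></dict></dict></array></dict>
</dict></dict></plist>

 <?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>mcx_application_data</key><dict>
<key>com.apple.SoftwareUpdate</key><dict>
<key>Forced</key><array><dict><key>mcx_preference_settings</key><dict>
<key>autoEnable</key><false/></dict></dict></array>
<key>Set-Once</key><array><dict><key>mcx_preference_settings</key><dict>
<key>WebKitDefaultFontSize</key><integer>11</integer></dict></dict></array>
</dict></dict></dict></plist>
"""

PLIST_RE = re.compile(r"<plist\b.*?</plist>", re.DOTALL)
_MISSING = object()

def parse_mcx_settings(text):
    """Return sorted (domain, management_key, pref_key, value) rows."""
    rows = []
    for match in PLIST_RE.finditer(text):
        doc = plistlib.loads(match.group(0).encode("utf-8"))
        for domain, levels in doc.get("mcx_application_data", {}).items():
            for level, entries in levels.items():
                for entry in entries:
                    prefs = entry.get("mcx_preference_settings", {})
                    rows.extend((domain, level, k, v) for k, v in prefs.items())
    return sorted(rows, key=lambda row: row[:3])

def not_forced(rows, baseline):
    """Return baseline (domain, key) pairs that are not Forced to the expected value."""
    forced = {(d, k): v for d, level, k, v in rows if level == "Forced"}
    return sorted(p for p, want in baseline.items() if forced.get(p, _MISSING) != want)

if __name__ == "__main__":
    # Hypothetical baseline for illustration only.
    baseline = {("com.apple.MCX", "DisableGuestAccount"): True,
                ("com.apple.loginwindow", "DisableConsoleAccess"): True}
    for row in parse_mcx_settings(SAMPLE):
        print(*row, sep="\t")
    print("not enforced:", not_forced(parse_mcx_settings(SAMPLE), baseline))
```

A setting that shows up only under Set-Once is reported as not enforced, since it is applied once rather than always.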

NateW
New Contributor III

Thanks for the writeup. I am aware of LocalMCX and was trying to avoid doing it that way. It is a lot of work for a preference that I could simply drop in place using Casper vs using the Managed Preferences.

I was hoping there was some way to force it to import as a System Level (as in dump it into /Library/Preferences) rather than have to go the LocalMCX route. I don't feel like the LocalMCX route gets me much over just placing the .plist via package. I currently use OD MCX, but I was hoping to get away from that due to the quirkiness of OD and the prospect of its future support (obviously Configurations replace them, so I could always go that route).

Also, I've tried manually setting up these preferences in Managed Preferences and tagged it as a system level pref, but it doesn't seem to be applying. I looked at https://jamfnation.jamfsoftware.com/article.html?id=144 and went through that troubleshooting, but the output of the jamf mcx command was not very helpful. It outputted:

Parsing MCX Data...
There are no MCX settings to apply at the computer level

This happens when I do it vs computer level or user level. I know for a fact that some settings have indeed been set, such as Login screen settings as well as some various user level settings. The strange part is that not all of them are being set. Some are, some are not.

Where do I go from here? I have Managed Preferences that are enabled in a Managed Preference Profile. My test machine is explicitly added to the Managed Preference Profile. It is missing the majority of the settings above and the mcx -verbose command is not really helping me much. Are there other log files I can look at?

Thanks!

NateW
New Contributor III

Well then, that was stupid. Turns out my QuickAdd package was still version 8.31 and I had updated the server to version 8.4. Duh! I shall crawl back into my cave now and put my pitchforks away.

tlarkin
Honored Contributor

Well, the Casper client should self update once it checks in, so the QuickAdd could be a moot point. I know in OD computer level MCX can only be applied to computer records. I think it is the same for local MCX as well.

I used the dscl command to export/import MCX files to local user accounts in my imaging process. So, the script creates the local user account, and then calls a manual trigger policy that imports my exported MCX file into the local account I just created.

NateW
New Contributor III

You can do system-level preferences if you create them manually. This is what ended up working for me. I didn't have to fiddle with LocalMCX or anything like that. It worked as if I had created a computer-level policy in OD MCX.