Scoping Config Profiles to local users

yukonluke
New Contributor

Hey all,

I work in a small school district & I'm working on our new images (10.7 for WhiMacs & 10.10 for all of the aluminum models) for deployment this summer. I was hoping to start using configuration profiles a little more heavily. We tried doing this last year and couldn't get it to work, but I could've sworn I saw something in one of the previous JSS version release notes that said they'd fixed scoping to local users... We've just recently upgraded our JSS to 9.62.

So, here's the dealio. Our image has 3 local users (student, teacher & hidden admin). I'm mostly concerned with the student account. Specifically, I want to be able to "lock down" both the student dock & desktop background (and a few other things). The problem is, I also am not allowed to lock down these items for the teacher user, so I need to scope only to the student user.

We have (in previous years), set the "system immutable" flag on these items. That worked up until last year, when Mavericks changed the desktop background from a plist to a .db file. Now, the system doesn't seem to honour the immutable flag on that file (student can still permanently change the background).

This current year (on our Mavericks image), I set up a launch agent that runs a script which "refreshes" the student side on login. I'll go back to doing that if I need to, but it's clunky (takes a few seconds after login to run) and not very elegant (it had a tendency to eventually get caught in a repeating loop, for some reason). It's also not running reliably on the 10.7 image. I'd prefer to be able to use profiles if possible.

I've set up my config profile (user level) to customize the dock, scoped it to my test computer group and set a "limitation" on the scope to apply only to the "student" user. If I look at the Management tab (in the JSS) of one of the test computers and specify the local user "student", the profile appears (so far, so good). Unfortunately, the dock remains unchanged for both 10.7 & 10.10.

Any advice or insight would be greatly appreciated.

1 ACCEPTED SOLUTION

Simmo
Contributor II

I'm under the impression that scoping config profiles to users only works for mobile accounts; the limitations tab is network segment/network users only.

Another option would be to download the config profiles and deploy them to the Student account via policy/at imaging; you'd just want to make sure they're exactly what you want before doing so.


4 REPLIES

yukonluke
New Contributor

Thanks Matt,

I got a similar response from our account rep. I was confused since the "limitations" tab specifically says "LDAP/Local Users", which had me assuming it would apply to local users (go figure).

I'm assuming we'll need to make changes to the student dock on the fly during the school year, so unfortunately a static config profile installed at imaging doesn't provide us with the flexibility we'd need.

I may have to use a static config profile to lock the desktop background and go back to setting the system immutable flag for the dock & other plists.

Simmo
Contributor II

@yukonluke There are other ways possible to manage things such as the dock (e.g. https://github.com/kcrawford/dockutil); it just means you may need to use multiple different tools to accomplish the job you are wanting to do.

yukonluke
New Contributor

@Matt.Sim I think you're right, we've been using dockutil to modify the dock for a few years now. Most of our dock scripts that we've added to our JSS use dockutil as the foundation.

I think we'll continue to use it this year as well. It's a great tool.

I was hoping that I could be lazy and use the Config. Profiles as a single-step, GUI-based option, but I've come to terms with the fact that we'll likely need to continue scripting our dock modifications. I'm assuming our workflow will be something like:
- remove system immutable flag with chflags
- use dockutil to modify dock
- re-add system immutable flag

Thanks again for taking the time to help.
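
The three-step workflow from the last post, as an added example that is not part of the original thread or anyone's production script. It assumes it runs as root while the student is logged out, that dockutil is installed at `/usr/local/bin/dockutil`, and that the account name, app path and Dock label are placeholders; `run` and `relock_dock` are hypothetical helper names. It prints the commands by default and only executes them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: unlock, edit and re-lock one local user's Dock plist.
# Assumptions: dockutil lives at the path below, the script runs as root
# (e.g. from a policy), and the user is logged out while it runs.
DOCKUTIL="${DOCKUTIL:-/usr/local/bin/dockutil}"

# Dry-run by default: print the command. Execute it only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# relock_dock USER APP_TO_ADD LABEL_TO_REMOVE
relock_dock() {
    user="$1"; add_app="$2"; remove_label="$3"
    plist="/Users/$user/Library/Preferences/com.apple.dock.plist"
    status=0

    # 1. Clear the system immutable flag so the plist can be modified.
    #    If this fails nothing has changed yet, so stop here.
    run chflags noschg "$plist" || return 1

    # 2. Edit the Dock. --no-restart leaves the Dock process alone.
    #    A failed edit is recorded but does not abort the function.
    run "$DOCKUTIL" --remove "$remove_label" --no-restart "$plist" || status=1
    run "$DOCKUTIL" --add "$add_app" --no-restart "$plist" || status=1

    # 3. Always re-add the flag, even if an edit above failed, so the
    #    plist is never left unlocked for the student.
    run chflags schg "$plist" || status=1

    return "$status"
}

# Placeholder values: account "student", Safari added, "Photo Booth" removed.
relock_dock student "/Applications/Safari.app" "Photo Booth"
```

The exit status is non-zero if any step failed, so a policy log shows a partial run even though the lock was restored.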