Setting local prefs via MCX

Not applicable

Hi all,

I'm working on setting up some 10.5.8 workstations, and I'm trying to use
MCX to set Preferences on a generic local user to lock down certain
settings. We do not use directory authentication (and please don't tell me
why I should set it up ­ it just doesn't work for our purposes right now) -
I'm trying to do this on a local machine level. I used Workgroup Manager to
import all the settings, and it works fine on the machine I set it up on.

I started working with this as a guide: -
however, it talks about Group settings, but doesn't specifically mention
User level settings.

I can get the Preferences in place on the other computers just fine, but
does anyone know what files are needed to have MCX enforce that local user's
settings on a localhost level to make those settings permanent?

-- Christopher Kemp
CNN Central Engineering


Not applicable

Update: I was able to get this to ALMOST work by:

  1. Overwriting the user's ~/Library/Preferences/ directory with the one set up on the test machine;
  2. Overwriting /private/var/db/dslocal/nodes/Default/ directory with the one from the test machine;
  3. Checked 'Update ByHost Files' in Casper Remote;
  4. Fix passwords for the generic user & generic admin user's accounts.

Now, by doing these steps the settings DO actually work - I say 'almost
work' because I want to know why Step #4 is necessary? I tried this a couple
of times on a clean install, and both times I ended up munging the passwords
for these two users ( thank goodness my Casper admin user's password
survives!). However, the password should be exactly the same for the users
on both machines. I even went back to my original machine, added the correct
passwords in Workgroup Manager, and re-built my DMG Sources from scratch ­
but it still kills the password.

Anyone got any ideas? I'm new to dealing with MCX settings, so any insight
is appreciated.

Honored Contributor

You are doing local computer policy correct? If you load Work Group
Manager on your system and point it to the local directory services you
should be able to create policy. Create a guest computer and do so. Then once you are done, highlight that guest computer and export it. You later can toss that file in Casper and script out importing of MCX

You can use dscl to import MCX files. In fact, you may even be able to
export those MCX files in WGM and then import them into the JSS? I have
not tried that, but I think that is what Casper does. It just reads XML
files to enforce MCX, and most likely it uses the built in Apple stuff
to do it.