this is the script we use to get the groups set up and the mcx applied
to the groups. we do something similar where we export the mcx settings
as a plist and import it to the machine: #!/bin/sh #flush previous mcx
settingsdscl . -delete /Users/LOCALM...
sorry about that. we use dsconfig to create the group and add the ad
users. we then use dscl to import mcx for the group all scripted. we
originally started with workgroup manager to get the idea on what it was
doing and how to mimic it.
we currently manage our lab and public machines with mcx. the users are
all logging in with ad acounts. we create a group in workgroup manager
which we apply the mcx to. then we add domain users to that group to get
the settings to apply.
