[MacTUG] Using Managed Preferences in the DSLocal domain
Marlon A. Griffith
m3griffi at engmail.uwaterloo.ca
Mon Jan 28 16:29:49 EST 2008
afp548
Friday, January 25 2008 @ 11:32 am CST
Contributed by: nigelkersten
So this has recently been discussed on the MacEnteprise list, but we thought we'd try and collate these ideas into a real world example.
Most of you should be aware of how you can use MCX to manage preferences for your directory service. Generally these days this is done by either running Open Directory, extending the schema for Active Directory or a standard OpenLDAP installation, or running a "magic triangle" setup where your client machines are bound to both an Open Directory setup and an Active Directory/OpenLDAP setup.
You might think that apart from these scenarios that you don't have any options for MCX management, but that's not true at all. We do have another option. Put MCX controls into the local directory service.
Read on for some practical examples....
Let's think of a real world example. Let's imagine that you have a remote directory service that hasn't had the schema extended, and you don't have an OS X Server box providing a magic triangle setup, but you would like to manage a few simple preferences such as the loginwindow, perhaps disabling automatic login, and disabling password hints.
We could do this simply by pushing out appropriate preferences, or writing to the given preference files, but doing this with MCX gives you some major advantages.
Firstly, you'll find that some of Apple's preference panes will respect an MCX setting and actually disable the GUI controls for a given preference. For example, if you enforce FileVault with MCX, you'll see that users can't actually click on "Turn Off FileVault" in the Security preference pane.
Secondly, even when GUI controls don't disable themselves for MCX, you don't have to worry about the relevant setting being overwritten by a user and you scripting it to be automatically reset. MCX will sort this all out at login.
http://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain
More information about the MacTUG
mailing list