If you’ve been following my postings for the past few weeks you may have noticed that I’m putting the pieces together for a strategy to transition existing managed preferences in environments to profiles, most notably those managed using Lion Server’s Profile Manager as more than just a mobile device management tool, but also as a computer management tool. To put the articles into a bit more order, let’s look at the order that you’d likely use them to actually do an integration: If needed, upgrade any existing Open Directory deployments to Lion: https://krypted.com//mac-os-x/upgrading-open-directory-from-snow-leopard-server-to-lion-server Start off with getting Profile Manager installed (Part 1): https://krypted.com//iphone/setting-up-profile-manager-in-lion-server Then integrate Profile Manager with your internal directory…
-
-
Automating Profile Manager Enrollment Through DeployStudio
When planning to migrate from managed preferences to profiles, one of the important aspects to consider is automated enrollment. One of the more important aspects of automating a traditional managed preferences environment is to automate the binding to directory services. You do not bind to Profile Manager; however, you do enroll devices. Much like binding computers to Lion Server’s Open Directory (by default), certificates and host names are important aspects of the enrollment process. Much as with local managed preferences, management via profiles can be done through the command line and without any involvement from a centralized source. I had written an article awhile back on using profiles from the…
-
Disabling Bluetooth Discoverable Mode
Awhile back I did a little article on Bluetooth. I also did an article on disabling menu items such as Bluetooth, using Managed Preferences. But I hadn’t looked at granular controls of Bluetooth settings. Luckily, a user submission on the topic just came in and Ted Kidd from Michigan (thanks, Ted!). Ted has provided a script for disabling Bluetooth’s Discoverable mode. His submission: I’ve found that more than a fair share of preferences are stored for each specific user on a computer. I’ve also found that some preferences are stored in a “ByHost” folder in /Users//Library/Preferences. Anything stored in the ByHost folder has the hardware UUID in the plist file…
-
The Mac OS X App Store & Managed Environments
The Mac OS X App Store was released earlier this month as a part of the Mac OS X 10.6.6 update. The App Store, with over 1,000 applications (including a couple of server tools), allowing people to download and install applications on Mac OS X computers without needing to understand how to click through the screens of a standard package installer, drag applications from disk images into the /Applications folder or basically how to do practically anything except for click and provide a valid credit card number. As with the App Store that debuted with the iPhone, the App Store for Mac OS X is clearly aimed at residential customers,…
-
Refreshing Managed Client Cache
Deleting the contents of the /Library/Managed Preferences directory is definitely one way to refresh your managed preferences cache in Mac OS X, but there have been commands specifically designed to clear the cache for each version of Mac OS X. By OS, these include the following: 10.6 – mcxrefresh – You can use this command (in /usr/bin) to refresh managed preferences 10.6 also has a ManagedClient binary in /System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient. When run with a -f option, ManagedClient will force updates. 10.5 has a binary called mcxd located in /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd which can also be run with a -f option 10.4 has a binary called MCXCacher, stored in /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher which also supports the…
-
mcxrefresh article over on afp548
A short contribution I made to afp548 on the new mcxrefresh command in Snow Leopard. Check it out here.
-
Parental Controls in Mac OS X
-
Server Admin Comic?
-
Managing iTunes en Masse
iTunes is cool. But there are some features that many organizations want to limit as when they are used by a large number of people they can become problematic. Apple allows you to manage iTunes for Windows and Mac OS X clients. For Windows, there are a number of registry keys that can be used and for Mac OS X there is the ~/Library/Preferences/com.apple.iTunes.plist file, or more importantly the ability to Add the aforementioned file into the Workgroup Manager Managed Preferences. Once added you will be able to set a number of options to manage, including the following (which are self explanatory for the most part): allowiTunesUAccess disableAppleTV disableAutomaticDeviceSync disableCheckForUpdates…
-
Mac OS X: Managed Preferences without Open Directory
Yes, you can apply an MCX against a local account easily using the -mcximport and -mcxexport dscl extensions. Simply setup the MCX like you want it for a managed account using Workgroup Manager and then from the interactive dscl environment do a -mcxexport <Path to account> -o <filename> and then copy the file to a target system. Then, on the target system, do a -mcximport <path to account> -o <path to same filename>. Then test! Happy policy making!