Viewing applied MCX Settings

7 01 2010

Chances are if you have worked with Client Management on OS X (called MCX) you’ve wanted to test out settings and view what is actually being applied to the user / group / computer.  (From the Windows world, there is a MMC snapin, rsop.msc that you may be familiar with)  The tough part is you can’t really view these applied settings as they combine in Workgroup Manager.  The capability is there to view them on the user or the group or the computer or the computer list.  However, nested settings won’t show, and screenshots of settings are tough to work through, especially when you are using nested groups and computer lists.

Viewing the local files in /Library/Managed Preferences will show you the applied plists per user and for the machine.  But again, it is tough to figure out how these all apply and overlap.  This is where the mcxquery command proves to be very useful.  Even better, the tool has a GUI wrapper for when you are not feeling in the mood for CLI butteryness.  The difference, however, lies in the requirements.

To view the settings in a GUI form, you will need to be logged in to the workstation with the account you are interested in checking out.  This works well on one account.  To view the settings, open System Profiler (Apple Menu -> About this Mac -> More Info)  Along the left, under Software, is a heading Managed Client.  Clicking in this will traverse settings and display them with disclosure triangles for each preference key, the settings applicable, and from where the preference originates.  An excellent to see what is being applied and from where.

The CLI method to this tool is simply:

mcxquery -user USER -group GROUP -computer COMPUTER

With this command, you specify the user, group, and computer to view the settings.  The benefit with this method is you don’t need the user password or the specific computer to view applied settings.  The user must be a member of the specified group, and you define the computer with either the UUID, mac address, or record name.  If a computer is not specified, the computer in which the command is executed will be used. Once using this command, you will see in one terminal window all settings via key.

These are great tools use for viewing MCX settings and “seeing” the result of nested groups.

Is there a favorite tool or another approach you utilize to view your managed settings?  I’d love to hear about them!


Using OpenDirectory Computer lists with Apple Remote Desktop

23 11 2009

A long requested feature that I’ve wanted to see in ARD that emerged in version 3.2 (I believe) is to utilize OpenDirectory computer lists for my ARD administrator’s workstation.  A benefit to using this setup is a better management workflow.  Simply put, it is better to do a process once and have it propagate through all management tasks.

How does this work?  It require three items:

  1. An OpenDirectory System
  2. WorkGroup Manager
  3. Apple Remote Desktop

To start out, you will want to build a computer list in at least 10.5 via WorkGroup Manager.  You can not use a 10.4 computer list and upgrade it.  The reasoning behind this pertains to the directory services schema structure.  In 10.4, computer groups were stored in cn=computer_groups,dc=your,dc=domain.  In 10.5+, this was changed to a more robust computer list stored in cn=computer_lists,dc=your,dc=domain.  While you can change Directory Utility mappings and object classes, this is not recommended as this will impact WorkGroup Manager.

Ideally, all computers coming into your organization will automatically be added or bound to Open Directory.  This allows for managed client settings to be grouped and applied to computers in various methods, such as nested groups.  In addition to giving you a benefit of computer management via policies, these computer lists can now be leveraged in Apple Remote Desktop.

To complete the linking of ARD to OpenDirectory, open ARD and create  a new scanner.  From the scanner type, select “Directory Service”.  ARD will now query your OpenDirectory system via APIs and return a listing of computer lists.  You will need to ensure  computers  already exit in your “All Computers” list, but this will allow for a much easier route to create and utilize existing groups in your computer management process.

Google Apps and Open Directory Integration

27 04 2009

A guide on how to integrate Open Directory with Google Apps has been published.  Find out how to use your existing Open Directory accounts in Google Apps, as well as setting up a web-based frontend for Single Sign on.

To view it, check out Papers and Presentations.

A Windows Mobile phonebook replacement

15 04 2009

I’ve recently plunged into the world of getting a new phone.  Bye bye to the Motorola e815 and hello to the Samsung Omnia i910.  One of the biggest issues I was having was getting organized and actually using / leveraging the phone book.  The built-in one was a bit slow and the Windows provided one, well, is Windows-esq.

I did some digging on the internet and found a few replacements, and so far my favorite has been PhonEX from  When looking at all of the features out there, this has picked some of the nice aspects from the iPhone and made them available to Windows Mobile.  Once nice thing about the dial-pad on this application is how big and finger-friendly it is.  You really don’t need to worry about hitting the wrong key, and the letters corresponding to each key (ABC on 2, DEF on 3, etc) are easy to see.

Another area I have found this app great has been with the GUI responsiveness.  The phone itself is touchscreen and kinetic scrolling is present, and works really well.  What does that mean?  Well, if I flick my finger slow down the screen, my contacts scroll slowly.  If I flick my finger fast, the contacts move quickly.  With that though, the contacts are not too big, not too small.  It is easy to read ones name.

Also, there is some great filtering built-in with the ability to add categories and specific ringtones to categories.  A nice way to quickly hear who is calling.

There also is some nice call history built in.  Rather than getting a giant scrolling list of every call you receive, they are grouped and you can select a number to see the history of that contact calling you.  I find this a great way to reduce the clutter normally existing in the “call history” setup, especially when looking at other phones I have had.

Finally, editing and working with a contact is done in an easy to use manner in this application.  When wanting to change a ringtone, image or edit contact information, it is easy to get to, and again, easy to use with a finger navigation.

Take a look for yourself … you can get a 15-day Demo at

Talking about a SAN

16 02 2009

This is a writeup on what I’ve progressed through with the SAN purchase implemented this summer at my school district.  I briefly talk about the need, hardware selected, software, network setup and some thoughts to consider if you are in the same boat.

Read about it in inSANity, revealed


29 01 2009

First off, let me say thank you for taking the time to find my page.  The purpose of this site, at least in my minds eye, is to create an area where I can share ideas, tips, and knowledge with others who may find it beneficial.  Along those lines, I would also be glad to hear what you have to say and learn from others.  By creating a collaborative environment, all individuals participating may be able to broaden their knowledge on specific areas.

While most of the experience I have had is in the technical arena, I’ve been able to be exposed over the last few years to more aspects of technology in education beyond the nuts and bolts.

So with that, happy browsing.