Removing Managed Prefs

Similar Messages

• In Lion, how do you bypass managed prefs when logging on?

  in Lion, how do you bypass managed prefs when logging on?

  Ahh, that's a Lion Server question...sorry, can't help.
  Someone else hopefully will be along to answer for you.
  EDIT: won't help you in the short-term, but long term might be worth investing in this:
  http://shop.oreilly.com/product/0636920022664.do

• Some managed clients don't pick up managed prefs.

  i have a brand new G5 Xserve running OS X 10.4.7 with all current updates installed. DNS, OD, AFP, NFS, and SMB are all working as expected.
  there are two user groups, faculty and students, that contain around 40 and 300+ accounts, respectively. all logins appear to be working fine.
  all previously unmanaged client machines -- seemingly regardless of OS version (a mix of 10.3.9 and 10.4.x) -- log in fine, and users receive all managed prefs.
  some of the previously managed clients -- an old OD master now demoted to standalone on a 10.3.9 server -- login fine but don't grab some of the managed prefs. specifically, faculty user accounts don't show the required dock links to shares on the server and don't automount the two main AFP directories they need. home directories mount fine.
  all problematic machines have been joined to the new OD.
  has anyone seen this happen? i appreciate any insight you may have.
  macbook pro 2.16 ghz, powerbook G4 1ghz, G4 400 mhz, poweredge and some junkers   Mac OS X (10.4.7)  

  i have a brand new G5 Xserve running OS X 10.4.7 with all current updates installed. DNS, OD, AFP, NFS, and SMB are all working as expected.
  there are two user groups, faculty and students, that contain around 40 and 300+ accounts, respectively. all logins appear to be working fine.
  all previously unmanaged client machines -- seemingly regardless of OS version (a mix of 10.3.9 and 10.4.x) -- log in fine, and users receive all managed prefs.
  some of the previously managed clients -- an old OD master now demoted to standalone on a 10.3.9 server -- login fine but don't grab some of the managed prefs. specifically, faculty user accounts don't show the required dock links to shares on the server and don't automount the two main AFP directories they need. home directories mount fine.
  all problematic machines have been joined to the new OD.
  has anyone seen this happen? i appreciate any insight you may have.
  macbook pro 2.16 ghz, powerbook G4 1ghz, G4 400 mhz, poweredge and some junkers   Mac OS X (10.4.7)  

• Dynamically adding and removing managed servers

  Hi,
            I'm experimenting with adding and removing managed servers while applications are running on the cluster. I've written some scripts using weblogic.Admin to do the tasks. It seems that it's working. However, I'd like to confirm that this is supported. I also have the following questions:
            1. Applications running on a cluster are automatically deployed to the newly configured managed server once it is started using startManagedWebLogic.sh. Are there any non-error situations that applications are not started automatically?
            2. To remove a managed server from the cluster, I first shutdown the server gracefully and then delete the server from the domain using weblogic.Admin. Is this the recommended way to do it?
            3. Anything else I need to pay attention to before adding and removing servers?
            Thanks for any information and pointers.
            Ming

  1. only if the staging mode is external.
            2. yes, if the server should be permanently removed. If the server is down for short maintenance, you do not need to remove it from the cluster.
            3. yes, try to avoid doing this during deployment tasks. That can be nasty.
            - Anders M.

• Computer Managed Prefs: Local Login Account Fails

  I have ann intel Mac running Tiger. It is also bound tom active directory so that network accounts can login to it. The problem is that when I use the managed computer prefs from the tiger server workgroup manager, the local account cannot login, however when I remove the computer from the list it will login the local account.
  I have deleted the account and tried a fresh one. I have reset the PRAM. HAs anyone else experienced this problem. Since I am only managing the prefs at the machine level it should not affect users accounts like this.....
  Is there a real good source for management tips using the workgroup manager....There are some issues I have with this tool and maybe I can get some more insight into how to deal with some of the holes in the system....

  Since I am only managing the prefs at the machine level it should not affect users accounts like this...
  Yes, it will.
  In WGM click the 'Preferences' icon. Click the 'Computer Group' icon (double rectangle). Click the 'Login' icon. Click 'Options'. Check the checkbox labelled, 'Local administrators may refresh or disable management'. Click 'Apply'.
  To allow your AD domain admins to administer your workstations, in Directory Utility.app click the 'Services' icon. Click on the 'Active Directory' plugin. Toggle the triangle next to 'Show Advanced Options'. Click the 'Administrative' tab. Check the 'Allow administration by:' checkbox. Add the AD admin groups that you wish to allow admin level access on your client workstations. Click 'OK'. Click 'Apply'.
  You can take a look at the two resources below on Active Directory integration and OS X client management for more information.
  Mike Bombich's, 'Leveraging Active Directory on Mac OS X':
  http://www.bombich.com/mactips/activedir.html
  John DeTroye's, 'Tips and Tricks for Macintosh Management, Leopard Edition':
  http://homepage.mac.com/johnd/.Public/tandtleo14.3.pdf

• Unable to remove manager field in AD through OIM 9.1

  Hi,
  I am trying to remove the manager of a user in the AD Profile without changing the Manager ID in the OIM Profile. I am getting the below error when I try to modify the attribute manager by replacing it with a null string.
  LDAP: error code 21 - 00000057: LdapErr: DSID-OC090B8A, comment: Error in attribute conversion operation, data 0, v1db1)
  I am getting the same error even if I am trying to change the manager field in AD without changing the manager field in OIM.
  I am trying with the below code;
  BasicAttributes at = new BasicAttributes();
  at.put("manager","");
  context.modifyAttribute(UserDN,2,at);
  What could possibly be the reason for this error? Please help guys.
  Edited by: User_OIM on Dec 27, 2012 7:06 PM

  Check if below works for you
  +// Specify the changes to make+
  ModificationItem[] mods = new ModificationItem[1];
  +// Remove the "manager" attribute+
  mods[2] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
  new BasicAttribute("manager"));
  +// Perform the requested modifications on the named object+
  context.modifyAttributes(UserDN, mods);

• Screensaver byhost managed prefs only work with diradmin

  hey folks,
  for some reason, i can't get the managed screensaver prefs to stick (specifically the module name and the timeout) for any account (or the login window) other than the directory administrator. i'm using a brand new mac pro (2009) as a 10.5.6 leopard server with OD. i changed the UUID (or whatever it is now) in the byhost prefs to the mac address (made a duplicate on the server) so wgm would pick it up as byhost. what can i do to remedy this?
  here's a screenshot:
  http://i41.tinypic.com/2u9o01t.png

  hey folks,
  for some reason, i can't get the managed screensaver prefs to stick (specifically the module name and the timeout) for any account (or the login window) other than the directory administrator. i'm using a brand new mac pro (2009) as a 10.5.6 leopard server with OD. i changed the UUID (or whatever it is now) in the byhost prefs to the mac address (made a duplicate on the server) so wgm would pick it up as byhost. what can i do to remedy this?
  here's a screenshot:
  http://i41.tinypic.com/2u9o01t.png

• Powershell termination script to remove manager from direct reports

  Working on a powershell script for termination and I want it to remove the terminated user from the manager field of any users that currently have it.  I know I can't use the direct reports data as it doesn't link correctly.
  Looking essentially for a script that would filter all users based on the manager field and then based on those filtered users, set the manager field to $null.
  I have tried commands to the effect of
  get-aduser -filter { manager -eq "<username of term'd user>"}
  and also
  get-aduser -ldapfilter '(manager=<username of term'd user>)'
  But both commands come back blank even though I know there are users in AD with that manager.
  I've searched the interwebs, but can't seem to find this specific item.
  Any assistance would be greatly appreciated

  Manager isn't one of the default properties returned by Get-ADUser, which is why you need to specify it.
  What happens if you run this:
  Get-ADUser -Filter "Manager -eq 'CN=Walter White,OU=Users,OU=*DECOM,OU=*GLOBAL,OU=*Furmanite,DC=fwwi,DC=net'"
  I've never had an OU with a '*' in it, perhaps that's causing your problems.
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)
  Well, looks like you're right on the "*".  I moved Walt to the default User OU in AD and it worked:
  [PS] C:\_install\scripts>get-aduser -filter "Manager -eq 'CN=Walter White,CN=Users,DC=fwwi,DC=net'"
  DistinguishedName : CN=Jesse Pinkman,OU=Information Technology,OU=Houston,OU=Zohno,OU=Test,OU=*GLOBAL,OU=*Furmanite,DC=
  fwwi,DC=net
  Enabled : True
  GivenName : Jesse
  Name : Jesse Pinkman
  ObjectClass : user
  ObjectGUID : 56f971e6-2f95-431e-b3e0-5275c7546d4d
  SamAccountName : jpinkman
  SID : S-1-5-21-2931136610-426972087-2848873238-67126
  Surname : Pinkman
  UserPrincipalName : [email protected]
  DistinguishedName : CN=Optimus Prime,OU=Houston,OU=Zohno,OU=Test,OU=*GLOBAL,OU=*Furmanite,DC=fwwi,DC=net
  Enabled : True
  GivenName : Optimus
  Name : Optimus Prime
  ObjectClass : user
  ObjectGUID : f19d0172-ee15-47db-bdb7-2977acd85907
  SamAccountName : oprime
  SID : S-1-5-21-2931136610-426972087-2848873238-67127
  Surname : Prime
  UserPrincipalName : [email protected]
  DistinguishedName : CN=Johnny Manziel,OU=Houston,OU=Zohno,OU=Test,OU=*GLOBAL,OU=*Furmanite,DC=fwwi,DC=net
  Enabled : True
  GivenName : Johnny
  Name : Johnny Manziel
  ObjectClass : user
  ObjectGUID : ac8f5a13-8742-4a2f-a476-a1e8175ade07
  SamAccountName : jmanziel
  SID : S-1-5-21-2931136610-426972087-2848873238-67128
  Surname : Manziel
  UserPrincipalName : [email protected]
  Your original recommendation works when Walt is in the default Users OU as well.

• Removing Managed PC Boot Agent v4.31

  We would like to sell our computers, but we cannot remove the managed pc
  boot agent. This causes the computer to reset to the "IMAGE"!

  Turn off PXE in the BIOS settings of the machine
  Cheers Dave
  Dave Parkes [NSCS]
  Occasionally resident at http://support-forums.novell.com/

• EP7, UWL, want to remove Manage Substitution Rules + Personalization

  Hi everyone
  Max points to the person who comes up with the workable answer!!
  Have upgraded from EP6 to EP7. Want to switch off personalize and
  manage substitution from the drop down list displayed in the main UWL
  view. Have looked at Content Admin => Portal Content => Content
  provided by SAP => End User Content => Standard Portal Users => IViews
  => <the UWL iview> => Object => show personalize option / disable
  substitution profiles => set to off. But the two options can still be
  selected from the dropdown. Anyone have any idea how to fix this?
  Kind regards
  Jon

  Hi,
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/09/6d6b17b29b4eef83a553acaa52f668/frameset.htm
  You can configure UWL ui using by excluding (some of the actions). The details are provided in the link given in the above link.
  Regards,
  Sam

• Location manager prefs file?

  I just got my powerbook back from a disk crash and am trying to rebuild it.
  I have a copy of the drive saved on an external, and Im selectively restoring the stuff that I want.
  I would like to be able to recover my location prefs as I have four or five places set up where I regularly use the p/b, but cant find where/how these are stored.
  Is there a location prefs file or similar which I can transfer to the rebuilt machine..?
  Thanks

  If you go to <username>/Library you'll find a Safari folder that you can drag accross and preserve all your Safari settings. The network file you need is in, I think, <harddrive>/Library/Preferences/SystemConfiguration, but I'm not sure on this one. You may also want to drag across the <username>/Library/Application Support folder to preserve settings in many apps.
  Hope that helps.

• How do I remove/manage a custom color swatch?

  My color window is getting overly crowded with custom color swatches. How do I remove a custom color swatch?

  You do know you can drag the Motion color chooser's color swatch window to reveal a great number of squares, right?
  Patrick

• Search an smb share while logged into AD with OD managed prefs

  _*Hi,*_
  We have a set up here where i have enabled the indexing on smb share via mdutil, but when i search the share the only things i can see are things i have created, but if i log in as a standard local user, mount the smb share and enable indexing i can search the share perfectly well.
  The permissions to the various folders on the smb share (sbs 2003) all appear to be the same.
  Any ideas much appreciated

  I ended up (for other reasons) reinstalling Solaris 11 among other things, and at some point this strange problem went away. I don't know exactly why or what was causing it in the first place, unfortunately. At least it's gone.
  Cheers,
  Kevin

• Managed dock prefs

  Hi I'm trying to apply different managed dock prefs for Macs in various labs. I created various docks on a client machine, uploaded them to the server, then set up groups for each lab and applied a managed dock to each group. I decided to modify the dock prefs, but for some reason the new changes are not applied to the client machines. I've tried deleting library/managed preferences, I've also tried removing the managed pref completely from the server, but it seems that the original once is still being applied.

  Doh, solved it. Just in case anyone comes across anything similar, check dscl>Local>Defalt>ComputerGroups. I had a dock preference set in here that was overiding the new server prefs.

• Managing Client Prefs not working

  I have a OD master and most of my services are working fine, like ichat, ical, file serving etc.
  I cannot get the workgroup manager / preferences to be applied to the client. I can change them, but then when i go to the client, nothing happens.
  (i am try to do things like define software update path, make shared folders be always visable, change default energy saving settings, etc.
  there is no information in the system profiler under managed client
  in the accounts window of each client is says they are managed.
  i believe i am making a basic error in my understanding of managed clients. Do they somehow log into the server to get that information? how do i get them to do that?

  Eric Hilferding wrote:
  do i have to log out or restart for a change to take place?
  You can just log out then back in.
  Eric Hilferding wrote:
  is it normal to have to setup the COMPUTER to effect the changes instead of USERS?
  I'm going to say no to this though I'm in the same position as you USERS and USER GROUPS doesn't apply the effect of the preferences but COMPUTERS and COMPUTER GROUPS does.
  As I understand it COMPUTERS and COMPUTER GROUPS is applied to the machine no matter who is logged in were USERS and USER GROUPS is the user/group only. So for example if your running a software update server your probably best setting up a COMPUTER GROUP call something like "All computers" or "All Snow Leopard Computers" etc if running different operating systems on your clients (as there is a different http link you use in the WGM software update prefs depending on OS) and applying the software update pref to that COMPUTER/GROUP.
  If you were to apply a software update pref to the USER due to the three different http links needs for the correct catalog then should the user move mac to a different OS you'd get an issue.
  I'm new to the whole server bit so someone else could probably tell use what were missing with regards USERS and GROUPS
  How ever a couple of tips I've picked up (or fallen foul of!)
  In workgroup manager in prefs under the tab Details you'll see a list of your managed prefs with a little arrow next to them you can ad more prefs to control from here they just don't get the nice UI like under the Overview pane.
  In WGM > Prefs > Details (TAB)
  click on the small + button and navigate to
  Server HD > System > Library > CoreServices > ManagedClient
  The click ADD
  It will then place in loads of PLIST files that you can edit to control things like iTunes etc
  I think there called MCX files you may need to google it for a better explanation
  Also I don't know if you use the Servers default locations for storing say Address Book Server Doc etc but if you ever set up a MySQL service and you change the data location from the default (in server admin) then don't use spaces any were in the path. I did and it got stuck in a startup loop and caused me hours of headache!
  So
  Volumes/My External Hard Disk/Server Data/MySQL Database
  Is a big no no. Use
  Volumes/ExternalHD/ServerData/MySQLDatabase
  Or just leave were Apple wants it! lol
  Finally if you set the TIME & DATE System Pref on your server to grab the time/date from say time.apple.com (or what ever the defaults are) but then on your clients set them to look at your servers FQDN for time/date this syncs everyone to the server which is apparently good for KERBEROUS and also stops them going out over the internet.