How to Configure Managed Preferences in Lion Server

By John Rizzo

Managed Preferences allows Lion Server to manage system, user, and applications preferences on Macs connected, or bound, to an Open Directory domain. To configure Managed Preferences, click the Preferences icon in the Workgroup Manager toolbar. The left side of the Preferences pane uses the same tabs (users, groups, computers, and computer groups) as the Accounts pane.

image0.jpg

Note the icons on the right side of the Workgroup Manager window under the Overview tab, such as Applications, Classic, Dock, and so on. These icons represent preferences manifests that have been preset in Workgroup Manager. Some of the preset preferences icons don’t apply to different types of accounts and therefore aren’t displayed.

If you see a mouse-pointer icon next to the icons in the Overview tab, it indicates that they have some managed preferences configured.

Although the Overview tab has many commonly managed preferences, nearly any preferences list in Mac OS X can be managed. Other preferences manifests can be added in the Details tab.

As an example of how to set up managed preferences, here are directions on configuring a list of applications that can be launched on Macs that belong to a computer group. Users of these Macs are prevented from launching applications not on your list. This restriction can be useful for Macs in a public place, such as a school computer lab.

Note that you can designate individual applications, or applications that reside in folders, such as Microsoft Office. You select those in two different places. Here’s how to set allowed applications:

  1. Click the Preferences icon in the Workgroup Manager toolbar and select the Computer Group tab (two overlapping squares) above the list of accounts.

  2. Click the Applications icon under the Overview tab.

    For applications that reside in folders (such as Microsoft Office), click the Folders tab instead.

  3. Select Always from the Manage options and then select the Restrict Which Applications Are Allowed to Launch check box.

  4. Click the Add (+) button and select the applications from the list the appears; click the Add button in the dialog.

    The list of applications that appears includes those that are installed on your server Mac. Any application you want to permit users to launch must be also installed on the server.

    If you are in the Folders tab, when you allow an application residing in a folder to be launched (such as Office), you also allow helper applications to run. You can manually deselect the helper apps to disallow them.

  5. Click the Apply Now button to save your settings.

    If you get a message asking you to digitally sign applications, click the Sign button if you want to enable the server to identify apps on the Macs.

    A list of applications allowed to launch in the Managed Computers computer group appears.

    image1.jpg

  6. Click the Done button to return to the Overview tab.

You can also manage other preferences from the Overview tab.

If you now click the Details tab, you can view precise information about each preferences manifest.

image2.jpg

The Details tab allows you to edit the preferences manifests by clicking an item in the list and then clicking the pencil icon below the list. A new pane opens to show the details of the preferences. This is also where you can find the option for the Often setting of a managed preference.

image3.jpg

With the Details tab, you can import preferences from other applications or sources. Click the Add (+) button to add those preferences files (in the .plist format) to Workgroup Manager.

You can also set managed preferences for user, group, or computer accounts from their respective tabs above the list of accounts.