MCX Records, Printing, and finagling

Disclaimer: This is super nerdy/technical stuff for those who don’t know, for those that do know it’s probably going to sound like I’m a total n00b

Edit: I found this snippet to remove MCX cache on your machine

sudo dscl . -delete /Computers
sudo rm -rf /Library/Managed\ Preferences

If running it with ARD leave out

sudo

and run it as the user root

I’m a n00b. Just gonna go ahead and get that out. I’ve been an I.T. Manager since January of this year and have had to learn so many things, it’s mind-bottling. I’ve worked with Windows machines around my church and learned a lot from a really smart dude. As far as Apple goes, I switched from Windows to Apple in 2007 and have never looked back. I had to figure out a lot about Apple computers on my own, so I did. There’s a wee bit of background from me to you, with love.

Now, what just about anyone on the planet will tell you is that printers are evil. Before you get all excited and think that I hate puppies and wanna destroy the belief in unicorns, I just want to say that printers are made to suck so that you buy many of them as well as spend a fortune on ink refills. There. I got that out.

One issue I’ve run into is setting printing policies and user management through Workgroup Manager on Mac OS X Server. I found that when the kids started using their machines at the beginning of this school year that I needed to learn a pretty big issue. I had to learn how to correctly manage many user accounts, their associated devices, and their policies and I had to do it efficiently with minimal input from a human being.

I didn’t do that very well, but I did understand how I could do it and begin remedying the effects of not doing that correctly from the beginning. In Workgroup Manager there are Users, User Groups, Computers, Computer Groups. The idea is that you can set many different policies from many different situations if you so desire (but don’t go too cowboy or you’ll regret it). Personally, I have found that creating Users, Computers, and Computer Groups allows me more than enough flexibility.

At the start of this school year I had to prune our directory. Students left, we got some new students, all of the classrooms were different. So I create a Computer that corresponds to a user. For example, if I have a student named Joe Smith I would create the Computer Joe Smith Joe-Smith. Then for each classroom I create a Computer Group and the Computers that are in that class. Defining policies by machine versus defining policies by user has allowed me the flexibility I need from year-to-year, as every school year devices switch users and even grade levels.

One of the issues that came up was that a lot of students had the wrong printer associated with their machine. What I found is that a lot of the Computers I had set up for each user weren’t getting a corresponding Hardware UUID automatically so that it knows which machine it needs to talk to. Some of them still had the UUID from the machine but they were holding on to the policies from the previous classroom the machine was used in, but was moved around to a different classroom.

Using Apple Remote Desktop I grep’ed for the UUID using this UNIX command as the user root:

system_profiler | grep 'Hardware UUID'

I take that string, copy & paste it into the Hardware UUID field in Workgroup Manager for the Computer object corresponding to the machine I grep’ed. Save those changes.

This step was important for me. I don’t know the exact time at which Workgroup Manager or Open Directory or whatever service it is decides to check if these machines have the latest policy but it’s not instantaneous, I can assure you of that.

That in mind I remove the MCX plist file with this UNIX command in ARD as the user root:

rm /Library/Managed\ Preferences/com.apple.MCX.plist

Once I’ve removed that plist file I can restart the machine and it will look for new orders from the server. This worked great for me for a group of kids just this morning so I will be working on refining the process and making it work more seamlessly so that I don’t have to so much hoop jumping. The trick for me is managing them correctly from the beginning ;-{D