MCX, dslocal, and radmind

radmind¬†iconIn an earlier article about putting MCX data into the local DS store, I mentioned that I’m using radmind to deliver the pieces to each client machine. Here’s a little more detail on that.

Let’s start with a negative transcript, which I call Leopard_MCX-neg.T:


The first line tells radmind to leave the contents of /Library/Managed Preferences alone, since this is where the MCX compositor stores managed preferences data. This data is actually rebuilt when needed, so if radmind removes it, it’s not the end of the world, but there is no real reason for radmind to scan it or manage it.The following lines tell radmind to insure the directory /private/var/db/dslocal/nodes/Default/computers exists, but to leave its contents (mostly) alone. Then we define the local_desktop and local_laptop files described in my earlier article. If they are missing, radmind will replace them with the versions on the radmind server, but it will otherwise leave their contents alone. This is needed because we have a script that modifies their contents – adding the MAC layer address of en0 to one of these two files.

Next is the corresponding positive transcript – Leopard_MCX-pos.T:


The first line is the script I use to modify local_desktop and local_laptop, described in the earlier article. I have a standard place I put all scripts that I want to run at startup, and a pre-existing script that runs all these scripts. Here is a description of that mechanism.

The second line instructs radmind to manage the computergroups directory in the local DS store. We only want the computergroups we define there, and we want radmind to remove old or obsolete or no-longer applicable computergroups.

Finally, a seperate radmind transcript for each group of policies I want to manage:


In most cases, these each refer to a single computergroup:


The beauty of this approach is that you can use Workgroup Manager’s UI to set your managed preferences, capture the associated files in /private/var/db/dslocal/nodes/Default/computergroups using the same methodology you use now to create radmind loadsets, and use radmind to distribute them, with the same ability to customize command files per machine, to overload transcripts on certain machines, etc. Right now, I simply have all these transcripts in a single command file which I inlcude via K-in-K in the command files for all Leopard machines.

MCX, dslocal, and radmind

One thought on “MCX, dslocal, and radmind

Comments are closed.