2
Chapter
What Is the Managed
Preferences System?
You’re reading this book, so it’s likely that you have some inkling of what the Managed
Preferences system is. We’ve found that while many Mac administrators have a vague
idea of what Managed Preferences are, they’re looking for a deeper understanding of
the system and some concrete examples of how to implement preferences that help
them in their day-to-day tasks.
Apple’s Managed Preferences in Mac OS X is a
policy framework
. As a framework, it
doesn’t really do anything on its own, but, rather, it lets you build what you require
around it. Yes, this means a little work.
In this chapter, you’ll learn how Managed Preferences came to be, what Managed
Preferences actually are, what you can manage, and what you’ll need to do so.
How Did We Get Here?
Pre-OS X Macintosh machines were, of course, revolutionary: a computer for ‘‘the rest
of us.’’ However, there was one thing they lacked in comparison to their DOS and
W i n d o ws-r u n n i n g b r e t h r e n -----manageability. As computers populated businesses more
and more, the ability to control the end-user experience helped DOS and Windows
machines win the spot on business users’ desks. Remember that the Macintosh had no
lack of word processors, and Microsoft Excel showed up first on the Mac.
CHAPTER 2: What Is the Managed Preferences System?
10
Typically, this manageability came in the form of DOS batch scripts that ran on machine
startup, or at network login (the then-popular Novell NetWare allowed a central login
s c r i p t t o r u n w h e n a u s e r s u c c e s s f u l l y a u t h e n t i c a t e d ) . A n y M a c i n t o s h m a c h i n e s -----usually
l o c a t e d i n a n a r t d e p a r t m e n t -----were adrift and often required a dedicated admin.
Naturally, businesses didn’t like that too much.

CHAPTER 2: What Is the Managed Preferences System?
11
NOTE: When we talk about ‘‘modern systems,’’ we’re referring to being better suited to run on
more contemporary architecture designs. Also, Unix has long been known to be scalable----but
we need to stress that OS X is now designed to scale up
and
down. It’s a single OS that runs
on eight core MacPro machines with 8GB (or more) of RAM, down to a phone with an ARM
processor and 256MB of RAM. How interesting is it that QuickTime X was originally written for
the iPhone and then ported to full Mac OS X?
Where Are We Now?
Being the seventh version of a radical new operating system (Mac OS 9 it is
not
), Mac
OS X v10.6 has solidified everything about the original Mac OS X v10.0 experience.
A m o n g t h e s e c h a n g e s , t h e M a n a g e d P r e f e r e n c e s s y s t e m -----introduced in Mac OS X
1 0 . 3 -----is Apple’s solution to allow a centralized way of shaping the end-user’s
experience. As mentioned in Chapter 1, this may take the form of restrictions for security
purposes. This may also take the form of creating a familiar environment that lets people
hit the ground running when they use a new machine.
Since managed systems have existed for Windows for a longer period of time, it’s easy
to compare and contrast. Microsoft Windows uses
Group Policy
to manage Windows
machines bound to Active Directory. These policy decisions are pushed down from the
central Active Directory controller to Windows computers. Similarly, the easiest way to
use Managed Preferences is to have Mac OS X Server running on your network. Once

A well-behaved OS X application uses the User Defaults methods to save and restore
preferences. These preferences will be created in the user’s own ~/Library/Preferences
directory. It’s essentially these preferences that are being managed with Managed
Preferences (‘‘MCX’’). These preferences can be read outside of any application with
either the GUI-based Property List Editor.app or the defaults command-line tool. These
two utilities can read, alter, and write preference files, which are stored in the property
list format.
As mentioned, Managed Preferences can be applied to an individual user (based on his
or her credentials), to a group (based on group membership in a directory), to a
computer (based on its UUID or MAC address (primary Ethernet)), or to a group of
computers (based on membership in a directory). Since Mac OS X supports both
network directory services and local directory services, you shouldn’t be surprised to
find that Managed Preferences don’t need a network directory to function. You’ll learn
more about implementing Managed Preferences with different directory services in
Chapter 6, ‘‘Delivering Managed Preferences.’’
When Managed Preferences are applied to a user, his or her session may behave
differently than anyone else who logs into that particular machine. It will also be applied
to the session no matter which directory-bound machine the user authenticates to via
the GUI. Similarly, when Managed Preferences are applied to a group, all members of
that group will have the same changes applied to their sessions no matter which
directory-bound computer they log into. Finally, when Managed Preferences are applied
to a computer or a computer that is a member of a managed computer group, anyone
l o g g i n g i n t o t h a t c o m p u t e r -----without respect to user credentials or the groups that he or
s h e b e l o n g s t o -----will have the same preferences applied. While this may sound a little
complicated, it’s pretty straightforward in practice. In each chapter, we’ll cover a bit
more about how these preferences are applied, how they interact with each other and,
ultimately, how to debug them when they’re not behaving as you’d expect. There’s also
an entire chapter dedicated to practical examples to guide you in creating your own
preferences.
CHAPTER 2: What Is the Managed Preferences System?