As part of my session at the Configuration Manager Community Event in Bern last Friday I showed a couple of use cases where you could use the Compliance Settings of Configuration Manager 2012 to manage your Apple OS X devices. Check earlier blogs here and here. A couple of them were using the discovery and remediation scripts instead of directly editing the preferences. In this blog I will show you a quick tip if you want to set a welcome message or some kind of other message at the logon screen of the Mac device.
In the preference file /library/preferences/com.apple.loginwindow.plist you are able to set the variable LoginwindowText. So to be able to change or set a text message you need to create a Configuration Item with the settingtype set to Mac OS X Preferences with the data type set to string.
Next you need to set the Application ID to /Library/Preferences/com.apple.loginwindow and you need to set the Key to LoginwindowText. Be aware that the Key is casesensitive, so it is always wise to check the key in the PLIST file itself before trying to change it.
The next step in setting up the Configuration Item is the Compliance Rule. In this example I check if the value of the key LoginwindowText is equal to “Logon to this by ConfigMgr 2012 R2 managed Mac OS X Device”, and when it is not equal to the supplied text the noncompliant rule must be remediated.
After the Compliance Item is fully configured, you can add the item to an existing compliance baseline or a compliance baseline can be created and deployed to a collection of Mac OS X Devices. Always test your compliance. Remember to enable the option “Remediate noncompliant rules when supported” before deploying it to your Mac Devices.
After the baseline is deployed, checked for compliancy and if necessary remediated you should be able to see the configured message at your logon screen.
You can download this example here. Be sure to test the compliance baseline first in a lab environment before using it in a production environment.
In a following blog I will explain how you are able to enable remote administration and how you are able to add an administrative user to a Mac OS X device without needing to touch the device.