Update:
We have decided against using Profile Manager.
Simply put... it appears unstable... and unpredicatable.
Should you plan to implement OSX (Mountain Lion) Profile Manager in your enterprise, please be advised of the following possible consequences:
-- Group profiles are almost impossible to deploy consistently
-- There is a high probabilty of the "active task" being stuck indefinitely and/or simply failing to deploy altogether
---- Therefore... having a group "sales" or "support" that each have serparate and distinct users... and separate and distinct restrictions, dock settings, mail settings etc... just won't deploy consistently.
-- On the otherhand... Device profiles seemed to deploy with fair ... to good consistency.
-- Be advised that a bunk profile... may actually result in all of your group profile restrictions being removed and/or destroyed. This may pose a security risk depending on your organization.
-- We have found a number of "silent-ish" errors that are undocumented, but destroy the prescribed profile.
---- for example: calendars appear to destroy group profiles. multiple short name aliases. restrictions may allow you to block your own deployment.... etc etc
---- we honestly felt that adding any additional settings was the equivalent of playing undocumented minesweeper... maybe it works... maybe it breaks everything
-- heads up on mail settings... if you mess up the initial setting... and try and remove the profile... it will delete the imap settings... but leave the smtp settings behind.
-- this further complicates trying to correct a typo in a mail profile (because of the reminent smtp setting)
-- In our opinion... typos happen... if you spot the typo and correct it in a profile... it should deploy and fix the typo... not get stuck and break the profile manager.
---- similar experience with messenger
-- we experienced a major silent error with zero documentation and/or error log messages... in fact, profile manager on the server would report that a settings update deployed and succeeded... the client would receive the request to update the setting... it would acknowledge the update in syslog... but it just wouldn't take. this was ultimately what caused our decision to move away from profile manager. we don't know what caused the error... but after hours upon hours (weeks) of downtime trying to fix this... we decided it simply wasn't worth it.
-- For comparison sake... all the mystery errors that we were unable to solve in profile manager... were fixed with MCX profiles set in Workgroup Manager upon first deployment. The MCX profiles pretty much deploy consistently and as expected.
----- MCX glitch and workaround. The only real MCX problem we would find... is on computers that have been renamed. For example... repurposing a salesworkstation1... for salesconferenceroom... would leave behind a Computer MCX profile that may conflict. The solution was to delete it:
-------- dscl . list Computers
-------- # look for any bad computer names
-------- dscl . read Computers/badcomputername (just to check it out)
-------- dscl . delete Computers/badcomputername
-------- mcxrefresh -n username
---------------- if no errors ... you're good
---------------- if errors... repeat deleting more computer names (even the real workstation name)
--------------------- retry mcxrefresh -n username
--------------------- repeat until no errors
Long story short, we feel Profile Manager shows promise for the future... but it's simply not ready now.
We were able to complete massive settings deployments within 2 days of using MCX (that we couldn't achieve struggling for weeks with Profile Manager)
I'm happy to discuss feedback if you are reading this post... and feel like Profile Manager is behaving strange.
If you have successfully deployed settings using Profile Manager and disagree with the contents of this post, I'd be interested to hear about it. It seems as if Apple is moving away from MCX ... ... we would prefer to use "supported" platforms (ie Profile Manager) ... we fear that MCX is in the process of being deprecated... and that we are kicking the can down the road by hanging on to MCX. Unfortunately, the business impact has been brutal... hence the switch to MCX.