Login & Logout hooks and MCX settings
Firstly yes I am perfectly aware that Apple no longer want people to use Login and Logout hooks or MCX i.e. Workgroup Manager managed preferences. Apple would prefer you use either Profile Manager to push settings which ironically can still include Login and Logout hooks, or to use a launchagent.
Unfortunately Apple have not taken in to consideration a number of valid reasons why people may still need to use Login and Logout hooks or MCX preferences. As it happens in my own case all those reasons apply in this situation.
- Some tasks require root level permission, a launchagent runs as the user who has logged in not as root and so can be insufficient for this
- Some tasks need to be done at logout, there is no equivalent to a launchagent for logout tasks, even if problem 1 above did not apply
- Using an MDM solution e.g. Profile Manager requires you have Internet connectivity - my own case is for a network deliberately setup with no connection at all to the Internet for security reasons
I can confirm that individual Login and Logout hooks still work in Mavericks and Yosemite when defined locally on a Mac. I can also confirm that Login and Logout hooks pushed via Profile Manager also still work in Mavericks and Yosemite however see problem 3 above. I would therefore like to use instead Login and Logout hooks defined via Workgroup Manager and assigned to a computer group - just like the good old days. 😉
Unfortunately I am getting the impression due to a lack of success so far that trying to apply Login and Logout hooks this way does not still work for Mavericks and Yosemite clients. 😟 I can confirm that a file does appear at /Library/Managed Preferences/com.apple.mcxloginscripts.plist but this appears to have zero effect. 😢
Note: I have added the desired computers to a computer group being managed for MCX settings, and the fact that the file does appear implies that this part at least of MCX settings still works, i.e. a Mac bound to an Open Directory server as a client does read the MCX settings and download them. It is just it appears not to be then obeying them.
I would be grateful if anyone has a solution to this or as I suspect will be extremely unlikely an alternative approach that will fit my requirements.
At the moment the only solution I can currently see that will work is the fact that in this particular situation I can just about get away with just using the locally defined Login and Logout hooks. On a 'normal' Internet connected network I have been able to have the luxury of having two Login hooks - one local and one via Profile Manager. I even managed a clever cheat of using a custom Profile Manager setting and a launchd script to activate/deactivate a local Login hook.