OS X Server offers an extremely simple system to manage account preferences, at least those user preferences predefined by Apple. Systems administrators, however, typically find themselves needing to control application settings that haven’t been singled out in Workgroup Manager.

The most basic method to controlling applications is to use the defaults command to write directly to the application preference list, as we’ve demonstrated repeatedly. This approach works fine for some settings, but there’s a problem: It permanently disables lockable preferences only for standard users (since administrative users can just unlock them) and most application preferences can’t be locked at all (so users can change them any time they like).

For any application that uses Apple’s .plist format, there’s a far better way to manage preferences across your network. A properly configured Open Directory domain can use MCX (Managed Client for OS X) settings to control any available user setting.

In Workgroup Manager, select the group for whom you’d like to manage an application’s preferences (in our example, that group includes all of our Macintosh users). First select “Preferences” from the toolbar above, then the “Details” tab on the right. Using the plus button, browse to the preferences file you’d like to control and click “Add”, selecting to manage imported preferences “Always” from the drop-down menu.

Double-click the preference name, and an editing window will open. Typically, you’ll wind up deleting the most of existing preferences from the editing window, keeping (or adding) only those you wish to manage.

Using this approach, you can take fine-grained control of most user-level settings, including managing application preferences more effectively. The result is preference settings that apply to standard and administrative users alike, controlled centrally through Open Directory even for third-party applications.