Managed Preferences is one of the many options available in Open Directory. Using Managed Preferences, administrators push settings to client computers that have been bound to the Open Directory environment. Open Directory uses various fields, or attributes, located within its database to push those settings out. That database is an LDAP database, the same type of database available in practically every modern implementation of a directory service to date.

A great example of using Managed Preferences is the parental controls options for a local computer running Mac OS X. If you open System Preferences from the Apple menu and click on the Users & Groups System Preference pane, you will see a list of the users on the local computer. Click on a nonadministrative user, and check the “Enable parental controls” checkbox to manage the account locally.

Once checked, click on the Open Parental Controls… button to bring up the Parental Controls System Preference pane. Here, you can enable the Simple Finder (a simplified user experience), limit which applications the user is able to open, edit whether the user can change their Dock, restrict access to websites, restrict access to manage printers, restrict burning optical disks, limit with whom the user can mail or chat, and restrict the use of computer to specific times (Figure 8-11). This is done per computer, ...