All right. Good afternoon, everyone. Welcome to the last session between you and the peer bash. And my name is Juussi-Pekkka Mantere. I am the Engineering Manager for Managed Client 10 and Portable Home Directories. I work in the Desktop Management Solutions team at Apple. So for our agenda today, first of all, could I have a show of hands? How many of you are developers? Not IT professionals, but software developers? Wow.

OK, that's excellent. I wasn't quite sure if we had more IT folk or if we had more developers. The more developers, the better. This will be a good session for you. So the agenda-- we're going to talk about best practices of good behavior. So what should your application do if your application will be used in a managed environment or in a network environment? We'll cover Portable Home Directories, and then we'll go into Managed Client 10 in Tiger, what's new, and specifically, what our preference manifests.

So just as an overview-- What is a network user? I'm not sure how many of you actually use network accounts or network home directories. So there are a couple of things that are unique in this kind of enterprise deployment environment. We have network accounts. We have network home directories. We have managed accounts. We have laptops that have mobile accounts. And we have managed systems.

And then we have roaming users who are on wireless networks. So what would your typical network look like? So we have a network, servers, and we have administrative systems. And then we have a bunch of users and work groups and systems. And all these would be managed. So users, those are created by IT administrators. Work groups would be typically, let's say, the WWDC attendees.

That would be a work group. WWDC, Apple staff, that could be another work group. And then systems. All of these things can have custom preferences or settings or management applied to them. So that's your basic network setup. And then last but not least, we also have wireless users. So we have people who would come on a laptop, hook up to an airport or Wi-Fi network, and then be roaming on the network, come and go off as they connect to the system. So what are the considerations here then?

Network Home Directory is, of course, different than your local home directory. Performance characteristics would be different because everything is going to go over the wire. And this is not your typical feature, as in Windows. Because of OS X underpinnings, it's all Unix. So Network Home Directory is just the same as your local home directory. From the operating system point of view, it just starts from slash network as opposed to slash users.

And then another consideration is your users might be managed. The systems might be managed. So by management, we mean Workgroup Management settings in a Mac OS X server. And other types of management would be having DHCP-assigned addresses, so your network settings could also impose management on you if you get DNS settings or open directory settings from your DHCP binding. And another type of management would be systems management. So Apple Remote Desktop could be a way to install packages on the systems on the network.

And finally, we have Managed Client 10, which would be client management. The settings and the users and workgroups in your network environment could be managed through Workgroup Manager. And one form of this would be parental controls. In Mac OS X Tiger, parental controls would use, let's say, the settings for Safari or other system settings that also impose management on the local system, even when the local system is not a network client. of clients.

And then there's also an issue with accounts. So do you have a network account that has a network credential coming up from a directory system, or is it a mobile account, or is it a local account? So a mobile account would be a hybrid of the two, where a local account is just the local net info node.

So your mobile account caches your network credentials. And if you do have a mobile account, then your authentication information comes from the network. But as the local user cannot change their credentials, and if the local net info node is modified, then the settings would be overwritten by the next time the account is synchronized back to the network.

So I'm going to cover two different best practices. One is for file system access. The other one would be for preferences. So first I'll cover file system. Of course, what you want to do if you write applications that will be used in a network environment-- so run either from a network volume, or in an environment where the user's home directory would be on a network volume. So optimize the performance. Minimize disk access.

So if you hit the disk all the time, then that's going to incur network traffic. And who's going to benefit? Your network users and your portable users. So the less you access the disk for any application data inside your bundle, looking up whatever or whatnot, if you can optimize that performance, your users who are on network accounts or who are using laptops or portables will thank you. And the tools available to you would be SHARK, or FS usage, or SC usage.

And there are also tools where we can use-- we can have-- oh, sorry. We have documentation on the Apple Developer site. There's optimization for system level. There's optimization for performance for the file system. So if you look them up on developer.apple.com, you'll find loads of information on how to use these tools and how to make the best out of your application.

If you do have to create local files, you might want to consider whether you create those files, temporary files, in the user's home directory, or if you're going to create them on the local system. You have utilities in the OS that gives you the path to the right places. Use fsfind folder, and on system disk will get you pieces that are local to the system, not on the network disk. You can also find temporary folders or chewable items that will reside on the local system.

Tilde Library caches. How do you use caches? Is it private data to the application, to the user? If the user is on a network home directory, then anything that goes into the cache directory will actually go over the network. If you're optimizing your application's performance so that it doesn't access the network, and it's using local caches, then in fact, when it's accessing the cache, it is going on the network. You might want to use local data for cache, local system disk. You might want to use caching as opposed to user directory data.

There could be some security concerns regarding the use of local files. There was a session earlier this week regarding how to make sure that if you do create local temporary files, that they're not accessible by other users or other applications, so how to secure those. What is the best way of finding out how is your application behaving?

Test it out. Use your application either on a locked volume, on a network volume, so try out the different scenarios that your typical user would most likely encounter. It's not just a local system, local hard drive. You'd want to cover using your application from a network volume, from a locked volume, and from a locked system where the user does not have access to the local disk, because that disk might be locked only for administrator access. Next, I'm going to cover preferences. What about preferences management?

This comes into Managed Client 10 and preferences management. The rule of thumb here is to use CFPreferences copy-up value. This will always get you the right path to the preferences. We will use the CFPreferences framework, and because of the management, the way it's applied, it could be imposed on the system, and you may not even know. Your application may not know where the preferences are coming from.

They could be locked for the system, they could be locked for the user, or could be locked for the work group that the user is part of. CFPreferences copy-up value is guaranteed to return the right preferences. The right preferences state whether or not it's managed. The corresponding class in Cocoa would be NSUserDefaults and objectForKey.

And do not use CFPreferences copy value unless you explicitly need some information from a particular domain. So if you want to find the global preference for setting XYZ, you would use CFPreferences copy value, but not as the standard preference is called. You'd want to use copy app value instead.

And if you do support preferences, you would want to make sure that any preferences that you have reflect the management state in the user interface. So if the preferences are locked, you can find by calling CFPreferences app value is forced, or using NSUserDefaults, object is forced for key, and know that this preference is not under the user's control.

It is imposed on the user by the network administrators. And you can also inherit the user interface through Cocoa Classes. So you could use NSUserDefaults controller to find out whether or not that object that's tied to that UI element, the key underneath it, if that's locked or not.

So, applications behaving badly. Excessive file system access. For example, if you have an application that uses fonts and wants to copy them to the local system, it really is not necessarily the best idea to copy them to the user's local home directory, because that could be a network volume, and any time you access that, you will incur network transaction.

The bits are going to go over the wire, and it's not as efficient as having the fonts reside on the local disk. So, use library application support for storing any files that you'd want to install for the user, but you'd really want to install on the system, not just for the user, because the user home directory, user still library, will be on the network disk.

And if you're creating network-shared resources, well, let's say you want to share movies or share music or whatnot, you'd want to support turning off that feature. Because in some settings, let's say in a school environment or in an enterprise company or at universities, perhaps the administrators don't want to enable people sharing stuff on the network, just ad hoc sharing, like using Bonjour or whatnot to find resources. So if you do enable sharing of resources from a local system, you'd probably want to have a preference that disables that functionality so that the system administrators can control that.

So that was a wrap-up of the two areas, preferences and file systems. I'm going to talk briefly about Portable Home Directories. So Portable Home Directories is a new feature in Mac OS X Tiger. In Mac OS X Panther, there was a feature called Mobile Accounts, and those were attached copies of your network accounts.

So in Tiger, we have mobile accounts with Portable Home Directories. So we have a local copy of the network account with a local copy of the user's network home directory. And in case of management, if the user is managed, we can use the Workgroup settings and the management settings on the local system as well, on a portable, on a PowerBook, even when it's not connected to the network.

And a Portable Home Directory can be created either locally by the user, if the user has admin privileges. So it's going through system preferences accounts and just making a local account, and can also be created through Workgroup Manager. And for application developers, the one thing that you want to be aware of is not using hard-coded paths. User's home directory will change from /network to /users.

So if you write anything that's relevant to the user's home directory, you'd want to make it relative to the tilde path for the user, and not using hard-coded paths for the user, because those aliases and paths will not be valid if the user is going to have a portable home directory.

So with that, we'll do a quick demo. And let me invite Bruce Gaya, who is the engineering lead for Managed Client 10 and Portable Home Directories. OK, thanks. JENS DOPKE: If you can go to demo one. First of all, I want to describe my demo setup here. On this machine, we have Mac OS X server, and these two have been set up as clients. I've set up, and now I've launched Workgroup Manager, and this will give you a view of what's set up in the directory system. We have some users set up, some groups, and some computer records.

And also, each of these clients have been bound to the server using the directory access so that when they wake up, they get the directory settings from this server. OK. So what I'm going to do is I'm going to, as an administrator, allow Juussi to create a mobile account and a portable home directory. And so I go to this panel here and go to the Preferences.

And you see a lot of preferences. Many of these were also present in Panther. We've changed some of them, and one of the ones that we've changed is Mobility. So I click on Mobility, and I see there's two tabs here, Synchronization and Rules. So I'm going to say Always, and I'm going to click this box which says Synchronize Account for Offline Use. This box down here will present a dialog when you log in so that you can choose if you really want to create a portable account on this machine, or you want to just log in as your network account.

Okay, and I'm going to apply now. Over here are some rules sections which allow you to decide what gets synchronized. And this tab here says Login and Logout Sync, and I'm going to click Always. And I'm going to add two folders which will be synchronized at Login and Logout. So first of all, I need to browse for it. I'm going to get the desktop, Add.

And also, Documents, Add. And that's all that I want synchronized at log in and log out time, so I'm all set with this. Just those two folders. Now, Background Sync. And this sync will occur in the background. Its default is every 20 minutes. And I want that to match my log in and log out sync settings for this particular user. So I'm going to get rid of this. By default, it syncs everything. I'm going to get rid of that. And instead, I'm going to say, just sync Desktop.

and Documents. And I say apply now. I want to mention something else. This pane down here will allow you to skip a bunch of things, and you can set up wildcards, and it's very rule-based, so I could say no syncing of .mp3s or that sort of thing, but I'm going to leave it in the default settings for now. So just desktop and documents and the background.

And now in the options, I told you that it default syncs every 20 minutes, and I can change this here using this slider, but for my setup, I don't want any of that background syncing because I don't know what the network load is going to be, so I'm just going to say manually for now.

And so just say apply now, and now it's all set up for you. All right. Thank you, Bruce. So if you can have demo three up, please. So this is another machine that's hooked up to our small little network over here, and as you see, we have users that are network accounts. So I'll just log on to my account.

I have my trusted presentation, Designing Network-Friendly Applications. I just bring it to the desktop and copies, and here it goes. So now that's a copy on the local system. And let's say if I log on back to my network home. Let me just take this out. Oh, and one more thing. I'm not really sure if I really want to keep the YouTube video here. It's about 30 megs. It was nice for a while, but I've seen it enough times, and there are new iPad ads there, too. So I'll just delete that file.

Okay, so now my desktop is modified on the local system. So if you can have Demo 2 up, please. So on Demo 2, this is, again, a network user, network accounts. And if I now log on to my network home, This is now a live connection to the server system. And if I look at what my network home looks like, well, it's on network servers, WWDC local/users/Jussi. And I still have my YouTube photo, and I have no presentation.

But if my PowerBook now syncs up to the network, So let me do a manual sync here first. And let's just keep demo two up there.

Okay, there. So now my PowerBook, my laptop, is synchronizing itself up to the network, and voila, my really important presentation is now pushed up to the network home directory.

And, well, where did my YouTube movie go? So any changes that I make on the local system get propagated back up to the network. So that's the Portable Home Directory. And for you as developers, the things to note is that now my home directory path on the PowerBook is not network servers. It was slash users slash JuSsi. So if any applications had written that path into any of their settings files, it would no longer be valid on the laptop.

So, and of course on the laptop, the local net info node, the user credentials are copied from the network account, so if any changes were made on the local system, those would not get applied to the local account, or they would be overwritten next time the system is synced back to the network. So, that is the Portable Home Directory demo. If you can go back to the slides, please. And thank you, Bruce.

So what's next? We'll talk about Managed Client 10 in Tiger. So what's new in Managed Client 10 in Tiger? Here's the Workgroup Manager screen. This is what network administrators would use to manage the settings in their network. And here we see there are a couple of settings. There's the dock setting, there's the mobility setting, and new for Tiger are mobility preferences for Portable Home Directories, and software update settings in Managed Client 10.

So in the Mac OS X Tiger server, there is a software update proxy, or software update server, and we want to have the clients also use that server, and there's now a managed setting to have the clients hook up to their local system, as opposed to going to Apple for their software updates. We have proxy settings, so we can use Workgroup Manager and Managed Client X to manage the proxy settings of the network clients, and we have support for login scripts, so instead of having login hooks for the local system, We can have network based login scripts.

And we also have login window message. And if you saw on the demos, the login window has a custom item there. Welcome to WWC 2005. And that's coming from the managed client 10 settings through the login window message. And finally, there are details. So details is a way to edit preferences. So preference editor inside Workgroup Manager. And new types of settings-- once, often, and always.

So all usually in-- traditionally in Mac OS X Panther, the settings were either forced, they were always on, or they were not on. But in Mac OS X Tiger, we have new classes for having the settings applied for the user once, or having the settings applied for the user often. And by often, we mean the settings are applied for the user whenever the user logs on. So any new login session will have these settings applied for the user.

Last but not least, the preference manifests. Preference manifests are a big thing. That's a way to tell how applications use their preferences. I'm going to go into further detail on the preference manifest here. Preference manifest allows you to declare how the application preferences are used. It could be custom defaults, or it could be enabling or disabling functionality settings of the application.

Having a preference manifest allows a system administrator or network admin to manage the deployment of the application through Workgroup Manager through the details editor that I'll show now. In Workgroup Manager, this is the interface that system administrators would use. Under the details pane, we see that there are settings for Managed Client 10 MCX and Doc settings.

This is the inside view of how the preferences are done for Managed Client 10. But now there's an add button. If I click the add button and I wanted to set, let's say, voiceover setting, I want to disable voiceover for a classroom or for a set of users because that's just too disruptive.

So I would go and add voiceover in the details view, and voiceover has a preference manifest in it built in. And once I add it to the Workgroup Manager view, I see that it's an entry in the Workgroup Manager. If I now click edit, I have the view of... of setting the disabled state of voiceover to true. And how this actually works behind the scene, let me invite Bruce Geyer back on the stage and we'll show how this is done.

Oh, sorry. No, we'll go... First, yes. First we show how it was written and then we'll show how it's done. I was keeping ahead of myself. So preference manifest, well, how does it work under the hood? So for screen reader D, screen reader D is voiceover, and it's a bundle inside the application. And it's localizable, so it could be in multiple languages. And the Mac OS X server languages are English, Japanese, French, and German.

It's a property list. It's a plist. And it could be created by hand using property list editor. It could be done in Xcode. Pick your favorite text editor. And here's how the voiceover preference manifest looks like. It's really simple, very easy to do. So it's a plist. And first, we have a key in the dictionary in the plist for PFM underscore title. PFM stands for preference manifest.

And the application that we care about, it's voiceover. So that's the title of the application we want to manage. And then there's a domain. So what is the internal name for the application? It's a com apple type name. So here we have screenreader D. And that ties the preferences into the application.

So in the UI, it would look like this. So that's the view presented through Workgroup Manager. The title and the domain are shown for the user. Then further, what are the individual keys? So there are sub-keys for every controllable element inside the application. So here we have an array of dictionaries. So each entry in the array would correspond to one controllable entry in the application's preferences. So these are under the preference manifest sub-keys key in the dictionary, in the plist. So first, there's a key for disabling VoiceOver. And it's under pfm-title.

And this is the user-visible description of the key. And what does it do? A pfm description would be set to something to do something. And here it's set to true to disable VoiceOver. And inside VoiceOver-- so how does VoiceOver application know what to do? So inside VoiceOver, it's looking for scr startup disabled.

So that's screen reader d startup disabled. And the value of that key would be a Boolean. So the type of the variable that we use is bool. And here's how it would look like in Workgroup Manager again. So here we have the disabled VoiceOver key, its description, and the type and the value.

And now we go to the demo. So I'll invite Bruce back up on the stage and show you how preference manifests are used. Okay. Glad to be here finally. Now, back to Demo 1. Okay, first of all, I have a server set up, I said that, and I have a group.

And these are group records in the directory service. And I have this one called WWDC Crew. And if I look at the accounts, I can see that there's two members in this. And what I want to do is I want to have it so that when people in this group log in, they get a particular desktop that I have. So to do that, first of all, I'm going to set the desktop for this particular machine or this particular login. So I'm going to go to System Preferences.

desktop and screen saver, desktop, and one of those black and white ones. Let's take that one. Okay, that's a pretty distinctive desktop. It's nice and black and white and pretty serious. That's the kind of mood I want to set for this particular group. So I want to get this desktop over to these machines when they log in.

So I'm going to go ahead and Go to Preferences, and this is the stuff that we had before, and then go to Details. Okay? And there's a button down here called Add. And what I'm going to do is I'm going to find that particular preference, which is in the current user admin library preferences.

And let's find the desktop preference. Okay, there it is. com.apple.desktop.plist And I'm going to say "Add." And that gets copied from there, right to here, and it actually is already applied to this. It's actually stored now in the directory system under this group. Now I'm going to go -- I can look at this and edit.

Press the "Add" button. And this is the basic of the editor. These three things here -- there's a "Once," "Often," and "Always." "Once" is for setting things up once, and then the user can change them from that point on. "Often" would be setting stuff every time they log in, which is new in Tiger.

And "Always" also sets things every time they log in, but it's fixed and can't be changed by the user. And that actually requires cooperation from the application to really do it right. And I'll get into that. So by default, I'm going to open up the "Often" thing, and I see that there's one thing in there called "Background." And in there -- wow, this is getting bigger every time I do this demo.

There is these four entries in this directory. And from experience, I know that these aren't any good. And there's something I have to mention, that if you're going to do editing of this kind, you have to test everything to make sure it works. Okay? Because you're actually -- what you're doing, you're going to be pushing preferences, you know, over these machines when the application isn't running, and you want to make sure it works.

So I've tested this, so it's -- I know that default will work. So I look in default, and there's a bunch of things there. Just "plist," and this is the keys they use, but it looks pretty good. So I just say "Apply Now." And I'm done. And now this -- people in this group will get this desktop if everything works. Okay.

Why don't you try that? So if you can have our demo 2 back up, please. So on demo 2, I still have my network account. So -- whoops -- I want to log on to my account. So when I log on -- If you remember from the previous time I logged in, I had a regular desktop, just the blue Aqua screen.

So now, because Bruce has set the settings for the workgroup that I belong to, now my desktop is whatever it was pushed down by the administrator. But I don't necessarily want to have this desktop here. So let me go and try to change that. So I want to change desktop.

OK, here we go. Change desktop. And because this was a once setting, it's not a forced preference. It's more like a suggestion for the user. So I'll go back and pick up something more, let's say, for fur. No, let's go for tiger. Yay. So now I have a tiger desktop here.

And the thing is that I can still change the preference, but if I log out-- And this is the point of the often setting. So if I now log back in using this account, My desktop is now back to the default that was set by Workgroup Management through Managed Client 10.

So that's the often setting. And if we go back to Demo 1. Okay. So I was able to push this desktop out, and that was kind of fun. But I have some other stuff. I have TextEdit here, and I want to set up some settings in TextEdit. And I'm going to go to the TextEdit preferences here. And I have a whole bunch of stuff that I kind of want to set here. So I change this all, and I want these settings to be applied to these machines.

So I'm going to do the same thing. I ran TextEdit, and now I'm going to quit TextEdit, because that will make sure the preferences are saved off to files. And then I'm going to go back to Add, and under Add, I'm back in, you know, my account, library, "And now I have to find the TextEdit preferences. And I'm going to flip down here. TextEdit. com.apple.textedit, I think is what it's called.

There it is. And I'm going to say Add. Now, let's look at what I added there. Well, they all go into "often," and look at this. There's 17 items, and they're kind of all, "What does that mean? And how am I going to find out what this, you know, if TextEdit, you know, how is someone going to manage TextEdit if this is what they see?"

So we came up with this concept, and it's new, called a Preference Manifest. And a Preference Manifest will be a description of these preferences, which can be used by Workgroup Manager to clean this all up and make this look a lot better and make it more editable. Like, you can set what the ranges of different preferences are so they're all correct.

And you're also, by publishing a Preference Manifest, you're saying that these can be managed. Now, an application writer doesn't have to write a Preference Manifest. Actually, if you're an IT person, you can actually try to reverse engineer and figure out what these preferences mean and write your own Preference Manifest for your site use, or even, you know, publish it on the Internet for other IT people to use.

It's a description of what the preferences do and how they can be managed. So I'm going to try to manage that, so let's get out of here. And so I want to build a Preference Manifest. Tiger ships with a preference manifest for Safari. So here's Safari down here. So I'm going to Command-click to go to where Safari is in the application folder. And I'm going to get the preference manifest for Safari and then modify it.

So I'm in Safari. So I'm going to click on that and open up its bundle. Show package contents. And in the contents, in the resources, and let's look at, I know there's a file called com.apple.safari.manifest. So... There it is. OK. It turns out that this is also a bundle, so I'm going to open that up again.

Show package contents, and in the contents, resources. And this is what a localized preference manifest looks like. And by the way, it turns out Safari spent a little extra money and localized it in all the Safari languages. But it really only has to be localized in the administrator languages or the server languages. But they did it anyway, and it's still valid. I'm not going to get into localization today, but I'm going to take this file here and copy it to the desktop.

And I'm going to use that as a template for text edit. So let's close these things. OK. So now I'm going to look at this with Property List Editor. And remember, this is a Safari manifest. Well, actually, I got ahead of myself here. Let's close this. First thing I want to do is rename this from Safari. I don't want to do that. I want to rename it.

Extended.Manifest. There. Now let's open it. Okay, so let's open it up and we see at the root are these PFM underbar keys, and what we see, we see description is Safari Preferences, name is Safari, title is Safari, and version is 1, but I'm going to change everywhere it says Safari to TextEdit.

And for version... I'm just playing around for now, so I'm going to change it to 0.1. Okay. Now, in this one key, PFM subkeys are all the top-level keys that I will want to manage. So we look in it, and we see in Safari there are 35 keys which can be managed in Safari. Well, for the purposes of this demo, I'm only going to really, you know, do two or three, so I'm just going to get rid of all these. I think we'll just do one today.

So we just look at it. So these are all these various things. Let's get rid of them. There. And then we get to the first key that can be managed, and we see this is something for Safari. Okay, so now we have to set up these fields, and this is a description of what the preferences look like. So the first thing to do is, well, what do the preferences look like in the plist format? So I'm going to open up the TextEdit plist now. Let's go to Property List Editor, Open. This time it's an admin library preferences. com.apple.textedit.plist. Let's make this a little bigger.

There it is. OK, let's open it. And let's look inside of it. We see all this stuff in here. Now, if you're going to write one of these and you're not the application writer, you have to kind of figure out how these things are used and try to write a description of them. So the one that I'm interested in for this demo is I'm just going to be interested in company.

Company is a string that seems like a very good one to write in Manifest because it's nice and easy. So I'm going to look at one of these Manifest keys here, PFM_subkeys. And it has a key called PFM_default. And first of all, the type's going to be string. And I could put the default in here. And I could put, well, for purposes of my site, I'm just going to put Apple computer.

Okay. And for description, I want to have something that will appear in Workgroup Manager, so I'm just going to type, you know, company name in the -- New Document Preferences window, or whatever I like. I can get really fancy if I want. For the domain, it's not Safari. It's going to be com.apple.textedit.

And the name, now this is going to be the actual key name, so what I'm going to do is make sure I get it right. I'm going to copy it from the text edit preferences and paste it right into here. It's a string. That's the key name. Range list.

I mentioned that you can have different ranges for things. Those are mostly for numeric things. So it doesn't really apply here. You can look at it some other time. Let's just delete it for now, because range list doesn't apply to the string. Let's skip targets for now and go to title. The title for this should be company name. And I capitalized, so it looks nice. And its type is going to be string.

There we go. OK, now, let's get the PFM targets. This is the place where it's valid to apply this preference. In Safari, when I started, it had two places where it was OK. It had user and user managed. User would be either once or often. And user managed would be what we're calling always or forced. And to put it in here means that it should be supported by the application.

So if I was an IT person, and I was back editing TextEdit for making this manifest, I'd probably get rid of this, because TextEdit does not really support this. I could try trial and error to see if it supports it here and there, but probably it doesn't. So it would be best to delete it.

Later on, I'm going to be modifying TextEdit so it actually does work. And then I want to put this back again. OK, so that is one preference manifest key. So I'll tell you what. I've already done this for TextEdit, and I want to show it to you briefly. So let's get rid of this and get rid of my-- we can save that. I'm going to open this one on the desktop.

And this is my final one. And it looks the same thing, FES subkeys, but in it I've done, I did 15 keys, I decided 15 was a good number of things that I wanted to describe, and if you look in any of them, you can see there's various things. This one's for the author, there's others, but that kind of looks like this is a preference manifest, a non-localized one.

Let's get rid of that. And now, let's go back to Workgroup Manager. Remember that I just imported all this stuff for text edit. So, I'm going to enhance this by adding a preference manifest. So, I go to the Add button, and I find my manifest, which is on the desktop.

TextEdit Manifest, there it is. Say Add. And right away, it changes from com.apple.textedit to textedit, and it looks a little nicer. And now when I go to edit it,

Copyright 2003, so this is probably in violation of whatever, so I really shouldn't be able to do this if these preferences really were managed for the application, or even worse, I can say restore to default so it reverts back to whatever was the application's default. So this is the often or once setting how it's applied, in this case, for this application.

So now we'll show next how to do this so that the application behaves in a way that it respects the management settings so that it locks out the UI for this particular piece of GUI. So let's go back to demo one. Okay. So we're back. I was left at work with manager. Let's hide that.

Okay, so what I did was I went in and I grabbed TextEdit from the developer CD, and I modified it so that it would do two things. One is I wanted to dim those settings when they're managed so the user knows that he can't change them, and he's not frustrated by thinking he can change them when he really can't. The next thing is I wanted to make sure that Restore to Defaults button didn't go back and reset everything once I managed it. So it's just two simple changes. So I'm going to open Xcode here and look at the code for TextEdit.

Okay. Come on, Xcode, do your stuff. There you go. Okay. Let's leave that down. Here's the project. OK. So TextEdit turns out to be well-behaved, first of all, because it's well-behaved because it gets all its defaults from NSUserDefaults. And it doesn't do anything funny on the side, so all the managed preferences do get picked up by TextEdit. That works fine. I just have to get the disabling in place. So another thing-- it's a Cocoa app.

Just looking at it, I found that there's this one class called Preferences.m that handles preferences. It's very convenient. So all I had to do was open this one file. And what I did was I added a call for Awake from Nib. And those of you who are Cocoa developers know that when a window comes up, it gets called. And all I did in Awake from Nib-- was I got NSUserDefaults, copy that.

And then for every outlet, or every item in the preferences window, I did a setEnabled call. And I used-- first of all, did this NSUserDefaults call called objectIsForcedForKey. And I went through for every key and asked that question, is this key forced? If the key is forced, I disable it, or take the not of it, and setEnabled. And if it isn't forced, then it's enabled. So that was the simple change. And that will disable items in the preferences pane. And I did it for all the items which I had done the preference manifest for earlier. Now there's one other place I changed.

Okay. I found out by looking at the code, this is the old code which I've commented out, that when you hit that button, which is restore to default, TextEdit goes through this internal table, and if you look at it, it just basically sets up this dictionary and says, okay, this setting gets set to this, this setting gets set to this.

It's all hard-coded in the code. It knows what the default should be, no matter what. So, what I did was, I wanted to change that so that if a preference was forced, it would get the value from the managed preferences, or from the forced preferences, and if it's not forced, I want it to go back to this table.

I wrote a rather, not an especially nasty macro, but kind of a large macro that did this. And it allowed me to plug it into this call to create a new NSDictionary here. And essentially that's all it does. For each of these things, it says, OK, for this key, is-- object is forced for this key.

If that is true, then let's get the item from default. If it's not true, then let's just get the item which is plugged into this table. So I just went through, and for each item, I just used my macros and basically had this table that initialized it. So that's all the changes I made and that, essentially, is going to make TextManager for this app. So let's quit Xcode for now.

One other thing. In WorkRoute Manager, if you remember, I left everything in the often. So I went to TextEdit to edit, and we see that there's three items in often. And I'm just going to move those to the always area now. So I take company, and I can cut and paste.

And let's add something to this so we really know it's live. All right, it's reserved.

Okay, so this looks good. Okay, so we apply now. That's all set up. We're done with this. And now, you should now try to log into TextEdit and show how this management is applied. Okay. So if you can go back to Demo 2, please. So in Demo 2, when I log on again with this account, now I pick up the new managed settings. So instead of having often preferences for TextEdit, I have the forced always preferences. So let's see, bring up TextEdit, and let's go and see what my preferences look like.

And indeed, here they are. They are locked. And if I click Restore Defaults, nothing happens. So with three lines of code, we enable TextEdit to respect the management settings that I applied on the application. So if I had a company policy to have certain document defaults or even setting up copyright strings or other metadata-- so with TextEdit now, let's say with this version of TextEdit in Tiger, it actually writes out metadata for Spotlight.

So I could actually embed some of these things into the metadata for any document that is created by this user. And then when these documents are saved, Spotlight picks them up and it's indexed. So let's see if I have anything here-- WWDC demo. And save that as test document. And now if I go to Spotlight and see, let's say, copyright 2005 and all rights reserved.

And TextEdit has that, and that was probably WWDC. Did we have all our ads reserved? Look at it. Let's see what the preference here. Oh, it's in copyright, so company would be indexed. So here, if I go again, Apple Computer, And there are slots, and here comes the test document. And that's picked up. It's not anywhere here. Oops.

Make this bigger. Edit. Okay. It doesn't say Apple Computer here, so the only way Spotlight picks that up is through the metadata for this document. So this would enable companies to deploy applications that contain metadata that is forced for all documents that are created within this managed environment. All right. So that concludes the demo. Thank you, Bruce. So if you can go back to the slides. To the slides, please.

Slides are dark. Oh, there's a screensaver on the machine. Excellent. So wrapping up, first to go back to preference manifests. So what's important about that? In Workgroup Manager, in a network environment, system administrators now can set custom defaults for application. They can write their own application preference manifests.

So if network administrators have, let's say, application XYZ, and they want to set some of the often preferences or once preferences for application, they can use the preference manifests. The other way is to use the-- excuse me, first they can go and edit the preferences, just bringing up the plist.

So they can grab any plist and make that applied on any system on the network. And if they're a little bit more inquisitive, they can go and create a preface manifest on their own. And third, but not least, is you as application developers, you can enable your applications to be management aware.

And if you have settings that are, let's say, hidden preferences or other settings that alter the behavior of the application, some things that you don't want to expose through the UI, for example, disable sharing of music, for example. You don't want to have that in the GUI, but you want to enable that functionality through a preference manifest. You can do that by writing a preference manifest. So that's a very powerful way of deploying applications on a network.

And in a managed environment. So wrapping up, earlier we talked about using applications on a network volume or users having network home directories and how that affects the usage of the system, the user's experience of performance, for example, and how our applications are used. If we use caches that go into users' home directory, those might actually cause network traffic to happen, even when the intention was to minimize network traffic. And we want to optimize for that using the tools FS Usage and Shark, and we want to test all these cases. And managed users, the same thing, preferences could be managed for the user or for the Workgroup or for the system.

Again, test your application in these type of deployment scenarios so that you know that your application can be run off of a, let's say, read-only media, or your application can be run from a network volume, and that your application doesn't require resources from the local system to be installed in the user's home directory.

If you want to deploy applications in a network system or network environment, you might want to have your installer write stuff into the local library application support locations that are local to the system and not on the network. And we talked about portable home directories, how your network account becomes a local account, but it's more like a hybrid. It's a cached account of the network credentials.

So your net info record might be overwritten, and the information you store for the user in the net info record could be written over at the time when the account is next time synced to the network. And finally, we talked about preference manifests, how to enable the application to be preference manifest aware and management aware and how network administrators would deploy applications and how they would use this feature to control the usage of the applications that are in use at any given location. So that's the summary of the demo, how to make network-friendly applications.

If anyone came here to hear about how to do installer scripts, I'm sorry we didn't cover that. There were sessions about how to do post-install actions, pre-install actions, how to deploy applications. Those will be covered at the installer sessions, and there are slides and sessions available later on DVDs and on the developer site. So for more information, developerapp.com, slide 1. And related sessions, Swimimic Shark. So if you want to optimize your application, Shark is a really good tool for that. So you can use Shark to profile your applications, either memory access or disk access, whatnot.

And there's a hands-on session tomorrow. And for management side, there's a session by John Detroit tomorrow, and that will be talking about real-world management centers. How are your applications used in a network environment, in a virtual university or in an enterprise? Which is not your typical application usage, so there are special things that you have to account for. And if you really want to stand out and fit in, there are some things you want to take into account, just like creating preference manifests and running properly from a network volume.