I’ve just starred a new item in Google Reader
The /etc/authorization file in Mac OS X can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only admins could otherwise unlock. It can also be used in the reverse to lock down panes you don’t want users messing with. An example by Apple was about allowing non-admin users to change the time zone setting. Often the panes can’t be controlled to the exact level you may want via MCX (Local or Managed) or defaults write/plists. Nor do you want to give users admin rights in a large business/university setting.
With 10.6 and now 10.7 the following Preference Panes are locked by default. Meaning you need an admin username and password to unlock them: Security & Privacy, Print & Scan, Network, Sharing, Users & Groups, Parental Controls, Date & Time, Software Update, Time Machine and …
from MacOSXHints.com http://hints.macworld.com http://www.pheedcontent.com/click.phdo
Here’s the original article that is linked to from Mac OS X Hints:
http://mattsmacblog.wordpress.com/2011/07/30/mac-os-x-10-7-lion-first-look-at-etcauthorization-usage/