Software called dconf has taken place of gconf. This article attempts to outline way to lock down MATE and other desktops that make use of dconf, such as XFCE and GNOME. This is also one of the reasons I discourage use of LXDE, every desktop has to be administratable using Puppet, Salt etc.

First create directories:

mkdir -p /etc/dconf/db/mate.d/lock/
mkdir -p /etc/dconf/profile/

Then set the lookup order for attributes in /etc/dconf/profile/user:

user-db:user
system-db:mate

This means that user attributes have higher precedence than system provided settings from the database we're about to define. The second database however can lock down certain attributes if necessary.

I've tuned keyboard settings in /etc/dconf/db/mate.d/keyboard:

[org/mate/desktop/peripherals/keyboard/kbd]
layouts=['ee','us','ru','de']

[org/mate/desktop/peripherals/keyboard/general]
group-per-window=false

[org/mate/marco/global-keybindings]
run-command-terminal='<Primary><Alt>t'

[org/mate/terminal/global]
use-menu-accelerators=false
use-mnemonics=false

Make touchpad more dumb-user friendly in /etc/dconf/db/mate.d/touchpad:

[org/mate/desktop/peripherals/touchpad]
tap-to-click=false
horiz-scroll-enabled=true
touchpad-enabled=true
scroll-method=2

Give Windows XP-ish look in /etc/dconf/db/mate.d/theme:

[org/mate/desktop/background]
picture-filename='/usr/share/backgrounds/mate/nature/RainDrops.jpg'

[org/mate/pluma]
auto-indent=true
insert-spaces=true
color-scheme='Ambiant-MATE'

[org/mate/caja/desktop]
computer-icon-visible=true

[org/mate/marco/general]
num-workspaces=1

[org/mate/caja/preferences]
show-image-thumbnails='always'

[org/mate/desktop/font-rendering]
hinting='slight'

[org/mate/desktop/media-handling]
automount-open=false

[org/mate/screensaver]
lock-enabled=false
mode='blank-only'
themes='[]'

[org/mate/desktop/interface]
gtk-theme='TraditionalOk'
icon-theme='ubuntu-mono-light'

[org/mate/marco/general]
num-workspaces=1
theme='TraditionalOk'
compositing-manager=false

[org/mate/panel/general]
locked-down=true

[org/mate/power-manager]
backlight-battery-reduce=false

Trickiest part is getting MATE panels right in /etc/dconf/db/mate.d/panel:

[org/mate/panel/general]
toplevel-id-list=['bottom']
object-id-list=['main-menu', 'show-desktop', 'window-list', 'notification-area', 'indicators', 'clock-applet']

[org/mate/panel/toplevels/bottom]
orientation='bottom'
size=30

[org/mate/panel/objects/main-menu]
object-type='menu'
toplevel-id='bottom'

[org/mate/panel/objects/show-desktop]
object-type='applet'
applet-iid='WnckletFactory::ShowDesktopApplet'
toplevel-id='bottom'
panel-right-stick=false
position=1

[org/mate/panel/objects/window-list]
applet-iid='WnckletFactory::WindowListApplet'
toplevel-id='bottom'
position=2
object-type='applet'
panel-right-stick=false


[org/mate/panel/objects/indicators]
object-type='applet'
applet-iid='IndicatorAppletCompleteFactory::IndicatorAppletComplete'
toplevel-id='bottom'
panel-right-stick=true
position=1

[org/mate/panel/objects/notification-area]
object-type='applet'
applet-iid='NotificationAreaAppletFactory::NotificationArea'
toplevel-id='bottom'
panel-right-stick=true
position=2

[org/mate/panel/objects/clock-applet]
object-type='applet'
applet-iid='ClockAppletFactory::ClockApplet'
toplevel-id='bottom'
panel-right-stick=true
position=0

[org/mate/panel/objects/clock-applet/prefs]
show-date=false

Attributes can be locked down in the locks folder, for example to lock background picture use following in /etc/dconf/db/mate.d/locks/background:

/org/mate/desktop/background/picture-filename

Use following to rebuild the database in /etc/dconf/db/mate:

dconf update

Use following commands to kill MATE apps and reset dconf settings to test your currect dconf database:

killall dconf-service
rm ~/.config/dconf/user
killall mate-panel caja
marco --replace &