Strategy for managing laptop users

[marko]

I am IT admin at a school that currently has 75 iMacs. I manage users through Workgroup Manager.

We are deploying 40 MacBooks to be assigned permanently to individual students. These students should continue to be able to log iMacs with network-mounted home directories. Home directory on laptops will not be synched with the server.

I imagine one way to handle this would be so that they log in as portable home network user to laptop but I disable home directory sync, so that they maintain two different home directories (one locally on the macbook, one networked home on iMacs).

Alternatively, it would be OK if I create local user accounts on their MacBooks. For as long as I am able to manage what they can do, especially what apps they can run.

In addition, it is required that home directory on MacBooks is in a different partition, as I would only reimage the system partition.

Any comments on what may be preferred approach would be appreciated.

[derick2499]

thanks for the post

[tlarkin]

Marko-

I think the best solution for you would be to add a log in hook script to those macbooks so when the students log in to their network homes they get synced locally via portable home directories. You can do this with a simple script, if you set it as log in. You would only want it to run once. There is an executable in the CoreServices folder that can do this.

Here is the manual page for it:
[code]
bash-3.2# ./createmobileaccount -help
createmobileaccount built Jul 7 2009 17:17:01
*** error: “-n username” is a required argument

usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [-e] [-q] [[-x] | [-X]] [[-s] | [-S]] [-u syncURL] [-v]
-n username : user record name
-h homepath : user home path; Default is “/Users/”
-p password : user password
-P : prompt for password. A password is required for FileVault home
-e encrypt : encrypt new home with FileVault
-q quota : max size in bytes of FileVault home
-x : create as external account on non-boot volumes. Default
-X : create as mobile account account non-boot volumes.
-s : set home sync on if home created.
-S : set home sync off if home created. Default.
-u syncURL : server target of home synchronization
-v : verbose output

Examples:
createmobileaccount -n jsmith
createmobileaccount -v -P -x -n jsmith
createmobileaccount -vsdn jsmith -h /Volumes/HD3/jhome
createmobileaccount -i

Notes:
– createmobileaccount must run as root.
– If you do not specify a password, the account’s cached password will be created during the account’s first log in.
[/code]

So, a hypothetical possible shell script to do this, may look something like this:

[code]
#!/bin/bash

# grab the currently logged in user by checking to see who owns the /dev/console

CurrentUser=`/bin/ls -l /dev/console | /usr/bin/awk ‘{ print $3 }’`

# now create the mobile account

/System/Library/CoreServices/createmobileaccount -S -n $CurrentUser -h /Users/$CurrentUser

exit 0
[/code]

That would create a mobile account and set synchronization off after it is created, so all the credentials should be cached locally. See [url]https://www.afp548.com/article.php?story=20090415155232756[/url] article for more deatils

[Author]

Posts