
Locking down workstation with AD network users?
Junior Member
Join Date: Sep 2006
Jul 30, 2007, 01:29 PM
 
I'm setting up an iMac on an all-Windows network with Active Directory on Windows 2003 Standard. I've gotten the system to authenticate against the AD and allow network users to log in and it automatically mounts their home directories (question about that later), but I'd like to know how I can set the default settings for the network users (disabling access to sysprefs, setting default printers, home page, etc...) when they log in. Is there some way I can do this? I'm open to third party apps as long as it's not prohibitively expensive.

About the user's home folders, when our domain controller was set up the users' folders were located on \\server\users$\usershomefolder using the administrative share (the dollar sign after the users folder). All of the users are set up this way and when OS X mounts the user folder it mounts USERS$ on the desktop and the user's home folder in the dock. Is there any way that I can get it to automatically put the home folder on the desktop also? Or maybe switch the OS X home directory to the network home directory instead?

I'd also like to auto-mount certain network folders that will have to be accessed by users, such as \\server\sharedfolder\, onto the desktop.

Thanks in advance.
(Last edited by pixelbaker; Jul 30, 2007 at 02:54 PM. )
     
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Jul 30, 2007, 05:58 PM
 
Apple actually has a great way of doing things just like Network Policies, and that is Workgroup Manager/Management. It has actually been around for longer.

Normally you would use a MacOS X Server to enforce the policies, but I have documented a way of doing this without a server:

Workgroup Management without a server - Provider Notes

And on the network home folder on the desktop... that can be done, but it requires that you do all of the work yourself. Probably not what you want to do. If you do want to do it you are going to need to do it as a login-hook.

Adding additional mount points to auto-mount is actually rather easy with the trick I talked about earlier. Just use Workgroup Manager to do the work for you.

And finally, about the Users$ folder: sadly that is probably there to stay (unless you work around it yourself). That is actually the mount point, and so that is what the computer is going to connect to. Someone did create a system that allows you to hide the containing folder, and that has been posted on the MacEnterprise.org website.
     
Junior Member
Join Date: Sep 2006
Jul 31, 2007, 07:48 PM
 
thanks

I'll start on this tomorrow and hopefully get some progress made toward getting things set up how I'd like them. Excellent guide btw.
     
Junior Member
Join Date: Sep 2006
Aug 1, 2007, 11:35 AM
 
I'm working at this and it's going excellent, but there's a couple things I'm having trouble with.

I've selected only the certain dock items that I want to show in the dock for the selected user group, and it has made the additions that I chose, but it also shows the ones that I've deleted from the dock. I have unchecked "merge with user's dock" so I'm not sure what the problem is. I've also deleted the mcx_cache from NetInfo as per the instructions (It was under configs/mcx_cache if that makes a difference?) with no change. Am I supposed to delete it from the user's netinfo or from the administrator netinfo?

I've gotten the group folders to work by just mounting the directory with a login item.

I'm trying to use the instructions from the MacEnterprise site (Linky) to mount the user's network home folder as a desktop volume, but not having much luck. I think the script will work, I'm just a little confused as to what I need to enter in the script files so that it knows where to locate the user folders.

Is there some way I can just type in a custom login item like cifs://server/users$/$USER and have it mount it?

Another question: any way to enable right click for all users with workgroup manager? I found the extended settings and added some settings for safari and other apps, but I can't seem to find one that would enable right click. What about other preferences similar to this like mouse tracking speed? keyboard repeat rate? screensaver? etc...

Thanks
(Last edited by pixelbaker; Aug 1, 2007 at 01:25 PM. )
     
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Aug 3, 2007, 04:44 PM
 
Ok... here goes in no particular order:

The mouse: You are going to have to use the advanced part of the preferences system to get this one. The way you do it is you set all of the settings that you want on your local computer, then open Workgroup Manager, go into the group you want to, go to "Preferences", and then into the "Details" tab. Here you are going to "Add.." and then navigate to ~/Library/Preferences/com.apple.driver.AppleHIDMouse.plist. This will then do what you want. For the keyboard repeat rate you are going to have to hunt for those, but it will be similar.

I have not really looked into the MacEnterprise hints in any depth... the standard has been good enough for what I needed. So you are on your own there.

The merge dock thing has been an off-and-on problem for a while. The best advice I have there is to look at putting a blank dock in /System/Library/User\ Template/Non_localized/Library/Preferences/. That will force new users to have a blank dock, and then you can add from there. From time to time Apple has also added things in updates that can mess this up, but usually it has a name like "dock fixup", and is in /Library.
     
Junior Member
Join Date: Sep 2006
Aug 4, 2007, 11:46 AM
 
I'm logged in as administrator, but can't access the Library folder when I drill down to it. I don't want to **** up my permissions, but how do I allow access to it? How would I go about creating a "blank dock" when I'm in there?
     
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Aug 4, 2007, 02:01 PM
 
You need to go in with the command line and sudo, and you create a user to play with, and drag everything out of their dock, then use the plist from that user. Or you can use your own plist, and then use the advanced editor to snip everything away.
     
Junior Member
Join Date: Sep 2006
Aug 5, 2007, 04:47 PM
 
I'm not sure what I'm doing wrong, or what I'm doing at all I guess. I can't navigate down to the directory using sudo. I can get to Non_localized, but then what command do I use to get into Library using sudo?

Where do I find the blank plist file that I created when I emptied the dock for the test user and how do I put that plist in as my default dock for all users?

Thanks. Sorry for my lack of knowledge. I'm Googling like crazy, but this is just vastly unfamiliar territory.
     
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Aug 5, 2007, 05:51 PM
 
First off... you can't get into Non_localized because of permissions. This is actually a deliberate thing, as MacOS X copies over the folders, then does a chmod, and you want these things protected. So what you have to do is to 'sudo -s' on the command line, so that you are effectively root (the owner there) then do your moving using 'cp'.

And the dock plist is at ~/Library/Preferences/com.apple.dock.plist. Watch out when using this address with 'sudo -s' as '~' will resolve to root's folder, and so you probably want to use '~username'.
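
As an added example (not code from either poster), the copy step described in the last few replies can be scripted as below. It assumes the template path quoted in the thread and takes the source account's home folder as an explicit argument; the symlink check, the backup file and the file mode are choices of this example.

```shell
#!/bin/sh
# Added example (not from the thread): put an emptied Dock plist into the
# user template so newly created home folders start from it.
# TEMPLATE_ROOT is the path quoted in the thread; override it for a dry run.
TEMPLATE_ROOT="${TEMPLATE_ROOT:-/System/Library/User Template/Non_localized}"
PLIST_REL="Library/Preferences/com.apple.dock.plist"

# install_template_dock SRC_HOME
#   SRC_HOME is the home folder of the account whose Dock was emptied. Pass it
#   explicitly (e.g. ~username): a bare '~' in a root shell is not that account.
# Returns 0 on success, 1 for an unusable source, 2 if the template is missing.
install_template_dock() {
    src="$1/$PLIST_REL"
    dst_dir="$TEMPLATE_ROOT/Library/Preferences"
    dst="$TEMPLATE_ROOT/$PLIST_REL"

    # The copy runs as root out of a folder the user can write to, so accept
    # only a real, non-empty file: a symlink could point at any file on disk.
    if [ -z "$1" ] || [ -L "$src" ] || [ ! -f "$src" ] || [ ! -s "$src" ]; then
        echo "unusable source plist: $src" >&2
        return 1
    fi
    # Never create the template tree; a missing folder means a wrong path.
    if [ ! -d "$dst_dir" ]; then
        echo "template folder not found: $dst_dir" >&2
        return 2
    fi
    # Keep the previous template Dock so the change can be rolled back.
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 1
    fi
    cp "$src" "$dst" || return 1
    # Owner-only mode is this example's choice, not something the thread states.
    chmod 600 "$dst"
}

# Usage from a root shell ('sudo -s'):  sh this_script.sh ~username
if [ "$#" -ge 1 ]; then
    install_template_dock "$1"
fi
```

Setting TEMPLATE_ROOT to a scratch folder first lets the copy be rehearsed without touching /System.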
     
   