[carterx]

Ok, so heres my question:

For those that create custom OS X lab images to deploy, how do you setup/create a custom user so that when they login (my users use Windows AD to login) but have users login and their dock, finder, application settings, user setting etc. are how you want them?

Now, there is Workgroup Manager, but that's only if you have a OS X Server for this use.

For a few years, I have always just create a user, named it default, then just make all the need changes and so on to that user, then through Root user, I grab all the need files from that users Home files such as Preferences, Library, etc. setting and put into the systems default profile folder found ( /System/Library/User Template/English.lproj )

This has always worked without issues. but there must be an easier way.

I have also used the Active Directory plugin (Directory Services) for mapping all newly logged in AD users to the Mac to have the user use the profile of a already created user on the computer, and this works, but for every other user that logs in, the files that are placed in the home folder are seen by all users that log into the computer.

I thought that this could be solved by using Faronics Deep Freeze on login/logout by wiping the user, but this can only happen on a restart and with the amount of users that login/out in our system on all of our Mac'c, I can not go that way.

So anyways, ya, just wondering how everyone else out there does it?

Thanks,
Carter

.

[larkost]

There are quite a number of approaches, and it all depends on a few things in your environment. And before I get into much more, I will mention that this is not the best resource for this sort of thing. The people who do this for a living tend to hang out on a couple of mailing lists: client-management on Apple's list server, and MacEnterprise's mailing list. And the central sites tend to be MacEnterprise.org, AFP548.com, and forums.bombich.com.

But the tools you need to be aware of:

Workgroup Manager and MCX - You can set a log of settings using this and with a little creativity about how you setup groups (hint: nest your AD users group under a local group and then manage the local group) you can manage a good chunk of you user experience. This is a part of the MacOS X toolset, and it the easiest when you combine it with a MacOS X Server that your computers are bound to, but it can work without that (I have some documentation out there for 10.4 in how to do it). An example of what you can do here is to manage the Dock or mount group shares.

Apple Remote Desktop - You can push out updates and packages with this, and that can be very useful. By bundling your settings changes creatively into packages you can push them out to a lot of computers.

Login (and logout) hooks - This runs after your user has successfully entered their username and password, but before they see the desktop. You can use this to manage the setup of their environment.

rsync - If you are using a single mapped local user then you can use this to get the home folder back to a known state. And since it should be fast if there is little or nothing to do, you can run it both as a login and logout hook item. Just be careful about the resource forks... (-E option)

Login Items - These run after the user is logged in. A useful thing to do at this point is to create aliases from their network home directory and use them to replace things like Documents or the Desktop folder.

There are other options for other parts of the equation, so I am just going to throw out some names you might want to look up: NetRestore, Radmind, puppet, and cfengine. You will need to decide what makes sense in your environment.