Instruction/ maintenance manual of the product 10.5 Leapard Apple
Go to page of 275
M a c OS X Se r v er User Management F or V ersi on 1 0.5 L eopard.
K Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authoriz ed user of a valid copy of Mac OS X Ser v er software may reproduce this publication for the purpose of learning to use such software.
3 1 C ont en ts Prefac e 1 3 About This Guide 13 What’ s New in W orkgroup Manager 14 What’ s in T his Guide 15 Using Onscreen Help 16 Mac OS X Ser ver A dministration Guides 17 Viewing PDF Guides.
4 Contents 35 Identifying Directory Ser vices Requiremen ts 35 Determining Ser ver and St orage Requirements 36 Choosing a Home F older Structure 37 Devising a Home Folder Distribution Strat egy 38 Id.
Contents 5 61 W orking with Presets 61 Creating a Pr eset for User A ccounts 62 Using Pr esets to Create A ccounts 62 Renaming Pr esets 62 Editing P resets 63 Deleting a Pre set 63 W orking with Basic.
6 Contents 83 Resetting a User’ s Print Quota 84 Disabling a User’ s Access to P rint Queues That Enforce Quotas 84 W orking with Info Settings 85 W orking with Windo ws Settings 85 Changing a Win.
Contents 7 10 8 About Computer Gr oups 10 8 Difference s Between Comput er Groups and Computer Lists 10 8 Administering C omputer Groups 10 8 Creating a Comput er Group 10 9 Creating a Pr eset for C o.
8 Contents 13 7 Considerations f or Using Mobile Accoun ts 13 9 Strategies for Syncing C ontent 14 0 Setting Up Mobile Accoun ts for Use on P or table Comput ers 14 0 Configuring P or table C omputers.
Contents 9 17 3 Adjusting Classic Sleep Settings 17 4 Maintaining Consistent User P references for Classic 17 4 Managing Dock Preference s 17 4 Controlling the User’ s Dock 17 5 Providing Easy Acc e.
10 Contents 202 Creating a Mobile Accoun t 203 Prev enting the Creation of a Mobile A ccount 204 Manually Removing Mobile Accoun ts from Computers 205 Enabling FileV ault for Mobile A ccounts 207 Sele.
Contents 11 232 A dding to the Pr eference Edit or ’ s List 234 Editing Application Pr eference s with the Pref erence Editor 235 Removing an A pplication ’ s Managed Pref erences in the P refer e.
12 Contents Appendix 25 1 Impor ting and Exporting Accoun t Information 25 1 Understanding What Y ou Can Import and Expor t 25 2 Limitations for Importing and Expor ting P asswords 25 2 Maintaining GU.
13 Prefac e About This Guide This guide explains how t o use W orkgroup Manager to set up and manage accounts and pr eferenc es f or clients. Mac OS X Ser ver include s W orkgroup Manager , a user management tool y ou can use to create and manage accounts .
14 Preface About This Guide Y ou can enable these featur es by managing Mobility preference s. For more information, see Chapter 8, “Managing Portable Computers.” Â New managed prefer ences. Pref erences now let y ou manage P arental C ontrols , Dashboard , F ront Row , and Time Machine.
Preface About This Guide 15 Using Onscreen Help Y ou can get task instructions onscreen in the Help Viewer application while you ’ re managing Leopard Server . Y ou can view help on a ser ver or an administrator comput er . (An administrator computer is a Mac OS X computer with L eopard Server administration software installed on it.
16 Preface About This Guide Mac OS X Ser ver A dministration Guides Getting Star ted c overs installation and setup for standar d and workgroup configurations of Mac OS X Ser ver. F or advanced configurations , Server Administration co vers planning , installation, setup , and general ser ver administration.
Preface About This Guide 17 Viewing PDF Guides Onscreen While reading the PDF version of a guide onscreen: Â Show bookmarks to see the guide’ s outline, and click a bookmark to jump to the corres ponding section. Â Search for a wor d or phrase to see a list of places where it appears in the documen t.
18 Preface About This Guide Getting Documentation Updates P eriodically , Apple posts revised help page s and new editions of guides. Some revised help pages update the latest editions of the guide s.
1 19 1 User Man agement Ov er view This chapter in troduce s user management concepts and describes the applica tions used to manage accoun ts and privileges.
20 Chapter 1 User Management Overview Using Workgroup Manager with Mac OS X Ser v er ser vic es, you can: Â Customiz e the work envir onments of network users by or ganizing their desktop resource s .
Chapter 1 User Management Overview 21 Ser v er Pref erences If you use the standard or workgroup c onfiguration of Mac OS X Ser ver , you can use Ser ver P references to configur e key features of collaboration and file services.
22 Chapter 1 User Management Overview Y ou can use NetInstall to upgrade operating systems , install software updates and custom software packages, or re-image desktop and portable computers. Y ou can create custom installation packages for v arious departments in an organization, such as marketing, engineering, and sales.
Chapter 1 User Management Overview 23 Administra tor Acc ounts Users with server administration or director y domain administration privileges are known as administrators. An administrator can be a ser v er administrator , domain administrator , or both.
24 Chapter 1 User Management Overview When you assign full directory domain administration privileges to a user , the user is added to the “ admin ” group in the director y domain. This does not grant the user local admin privileges on the servers hosting this director y domain or on any other servers or clients bound to this directory domain.
Chapter 1 User Management Overview 25 F or some ser vic es, like Apple Filing P rotocol (AFP), you can let guest users access files . Instead of authenticating with a name and a passw ord , a guest user connects as a guest, not as a registered user . Guests are re stricted to files and folders with permissions set to Everyone.
26 Chapter 1 User Management Overview F or more information about setting up comput er accounts, see Chapter 6, “Setting Up Computers and C omputer Groups.” T o specify prefer ences for Mac OS X comput er accounts , see Chapter 1 0, “Managing Pr eference s.
Chapter 1 User Management Overview 27 The follo wing illustration shows a user logging in to an account in a directory domain in the computer’ s search polic y . After login, the user can connec t t o a remote server to access its services (if the user ’ s account is located in the server ’ s search polic y).
28 Chapter 1 User Management Overview Prior to Mac OS X v1 0.4, Mac OS X used user ID and POSIX permissions to track folder and file permissions. In Mac OS X, f olders or files include POSIX permissions for en tities such as:  Owner  Group  Everyone else Because GUIDs are 1 2 8-bit values , duplicate GUIDs are ex tr emely unlikely .
Chapter 1 User Management Overview 29 ACLs and POSIX P ermissions Every file and folder has POSIX permissions. Unless an administrator assigns ACL permissions, POSIX permissions continue to define user access . I f y ou assign ACL permissions, they take precedence over standard POSIX permissions .
30 Chapter 1 User Management Overview.
2 31 2 Getting Star ted with User Man agement This chapter pr ovides inf ormation about planning and setting up a user management en vironment. T o create an effective user managemen t environmen t, you must carefully plan your network. Then, when deploying the network, you must systematically and methodically set up your network r esources .
32 Chapter 2 Getting Started with User Management Make sure that read-only director y domains (such as LDAPv2, read-only LDAPv3, or BSD flat files) are configured t o suppor t Mac OS X Server and that they provide necessary account data. T o make the director y compatible , you must add, modify , and reor ganize director y inf ormation.
Chapter 2 Getting Started with User Management 33 F or information about setting up home folders using AFP , NFS, or SMB, see Chapter 7 , “Setting Up Home Folders .
34 Chapter 2 Getting Started with User Management  F or information about how to w ork with Mac OS X group accounts and group folders , see Chapter 5 , “Setting Up Group Acc ounts.”  F or information about how to add a gr oup folder to the dock to make it more accessible to users , see Chapter 1 0, “Managing P reference s.
Chapter 2 Getting Started with User Management 35 Â What ser vic es and resource s users need (such as mail or access to data storage) Â How to divide users int o groups (for example , by class topi.
36 Chapter 2 Getting Started with User Management If you use network home folders , they requir e one dedicated home folder server for every 1 50 concurrent connections. If you use mobile accounts with portable home directories, you need one dedicated home folder server for ev er y 3 00 concurrent connections.
Chapter 2 Getting Started with User Management 37 When users save file s in network home folders , the files are stor ed on the ser v er . Additionally , when users access home folders, even for common tasks like caching webpages , the users’ computers must retrieve the se files from the server .
38 Chapter 2 Getting Started with User Management A user ’ s netw ork home folder doesn ’t need to be stored on the same server as the director y c ontaining the user ’ s account. In fact, distributing directory domains and home folders across multiple servers can help balance your netw ork load.
Chapter 2 Getting Started with User Management 39 F or example, you might want to give studen t lab assistants the ability to manage user passwords f or a small group of students, while giving teachers the ability to manage user passwords , edit user information, and edit group information for all of their classes.
40 Chapter 2 Getting Started with User Management.
3 41 3 Getting Star ted with W ork group Manager This chapter pr ovides instructions for setting up W orkgroup Manager and using its core f eature s. W orkgroup Manager is the primary application for managing client computers. Y ou can use W orkgroup Manager to create acc ounts and manage prefer ences.
42 Chapter 3 Getting Started with Workgroup Manager 3 If you are managing pref erences that use specific paths t o find files (such as Dock preferenc es), mak e sure the administrat or computer has the same file system structure as each managed client computer .
Chapter 3 Getting Started with Workgroup Manager 43 Connecting and Authen ticating to Directory Domains in W orkgroup Manager When you install your server or set up an administrator computer , W orkgroup Manager is installed in /Applications/Server/.
44 Chapter 3 Getting Started with Workgroup Manager Major W orkgroup Manager T asks After login, the Accounts pane appears (see below), showing a list of user accounts. Initially , the user accounts listed ar e those stored in the last directory domain of the ser v er ’ s sear ch policy .
Chapter 3 Getting Started with Workgroup Manager 45 Â T o view onscreen help , use the Help menu. The Help menu gives y ou access to help for administration tasks av ailable through Workgroup Manager , as well as other Mac OS X Ser ver t opics.
46 Chapter 3 Getting Started with Workgroup Manager F inding and Listing Acc ounts W orkgroup Manager provides sev eral methods for finding and listing user accounts , group accounts , computer accounts, and computer groups.
Chapter 3 Getting Started with Workgroup Manager 47 User accounts from the server’ s local director y domain can ’t be used to a uthenticate in the login window on client comput ers, because the login window is a process running on the client computer .
48 Chapter 3 Getting Started with Workgroup Manager Listing Accoun ts in A vailable Directory D omains Using Workgroup Manager , you can list user accounts, group accounts , computer accounts , and computer groups r esiding in any av ailable directory domain accessible from the server you’ re connected to .
Chapter 3 Getting Started with Workgroup Manager 49  Name Star ts With  Name Ends With  Name Is  ID Is  ID Is Greater Than  ID Is Less Than  Comment C ontains  Keyword Con tains T o filter items in the list of accoun ts: 1 After listing accounts , click the Users, Groups, Computers , or Computer Groups button.
50 Chapter 3 Getting Started with Workgroup Manager There are sev eral field options:  Is less than  Is greater than  Is  Contains T o locate users or groups in the A ccounts or P refer ences panes: 1 In the W orkgroup Manager toolbar , click Search.
Chapter 3 Getting Started with Workgroup Manager 51 F or more information about how t o create presets , see “Creating a Preset f or User Accounts ” on page 6 1.
52 Chapter 3 Getting Started with Workgroup Manager F or example, suppose you select three group accounts that each hav e differen t settings for the Dock size. When you look at the Dock Displa y preference pane f or these accounts , the Dock Size slider is center ed and has a dash on it.
Chapter 3 Getting Started with Workgroup Manager 53 Impor ting and Exporting Accoun t Information Y ou can use XML or character-delimited text files to import and expor t user and group account inf ormation. Importing information can make it easier to set up many accounts quickly .
54 Chapter 3 Getting Started with Workgroup Manager.
4 55 4 Setting Up User A ccoun ts This chapter t ells you how t o set up , edit, and manage user accounts . User accounts giv e users unique identities on your netw ork and allow you to manage those users. Y ou can use Workgroup Manager to view , create , edit, and delet e user accounts.
56 Chapter 4 Setting Up User Accounts A Windows user account that is not st ored in the PDC server ’ s LDAP directory can be used to access other services. For example , M ac OS X Server can authenticate users with accounts in the server ’ s local directory domain for the server ’ s Windows file ser vic e.
Chapter 4 Setting Up User Accounts 57 Administ ering User Acc ounts Y ou can view , cr eate, edit, and delete user accounts stored in various kinds of directory domains. Creating U ser Accoun ts T o create a user account in a dir ector y domain, you must have administrator privilege s for the domain.
58 Chapter 4 Setting Up User Accounts 3 Click the globe icon and then choose the domain where you wan t the user ’ s accoun t to reside. F or Mac OS X Ser ver v1 0.5 or later , Local and /L ocal/Default refer t o the local director y domain. 4 T o authenticate , click the lock and ent er the name and password of a directory domain administrator .
Chapter 4 Setting Up User Accounts 59 F or details, see “ W ork ing with Basic Settings” on page 63 through “ W ork ing with Windows Settings” on page 85. Fr om the Command Line Y ou can also edit user account inf ormation using the dscl command in T erminal.
60 Chapter 4 Setting Up User Accounts W ork ing with Windows User A ccounts Use Workgroup Manager to change passw ords, password policies , and other settings in Windows user accounts .
Chapter 4 Setting Up User Accounts 61 Fr om the Command Line Y ou can also disable a user account using the dscl and pwpolicy commands in T erminal. For more inf ormation, see the users and groups chapter of Command-Line Administr ation .
62 Chapter 4 Setting Up User Accounts Using P resets to Crea te Acc ounts Pre sets provide a quick way t o apply settings to a new account. After applying the preset, you can continue to modify settings f or the new account, if necessary . Y ou can use presets with user , group, and computer group accounts .
Chapter 4 Setting Up User Accounts 63 Y ou edit a preset by using it t o create an account , changing fields defined by the preset, and then saving the preset. T o edit a preset: 1 In W orkgroup Manager , click Accounts. 2 Click the globe icon and then choose the directory domain with the preset you want to edit.
64 Chapter 4 Setting Up User Accounts A user name can contain no more than 2 5 5 bytes . Because long user names suppor t various character sets, the maximum number of characters for long user names ranges from 25 5 Roman characters to as few as 63 characters in character sets where characters occupy up to 4 bytes.
Chapter 4 Setting Up User Accounts 65 F or the first shor t user name , use only these characters (subsequent short names can contain an y Roman character):  a through z  A through Z  0 through 9  _ (underscore)  - (hyphen) T ypically , shor t names contain eight or f ewer characters.
66 Chapter 4 Setting Up User Accounts T o change a user ’ s first short name, create a new account f or the user in the same director y domain that c ontains the new first short name and retain all other account information (user ID , primary group , home folder , and so on).
Chapter 4 Setting Up User Accounts 67 Modifying User IDs A user ID is a number that uniquely identifies a user . M ac OS X c omputers use the user ID to track a user’ s folder and file ownership. When a user creates a f older or file, the user ID is stored as the ID of the user who created the folder or file .
68 Chapter 4 Setting Up User Accounts Make sure the value is unique for all directory domains set in the search policy of computers that the user logs in to . Workgr oup Manager warns you if you change the value to another user ID in the same dir ector y domain.
Chapter 4 Setting Up User Accounts 69 3 Click the globe icon and choose Local. 4 Click the lock and enter the name and passwor d of a local administrator . 5 Click the globe icon and choose the directory domain where the user ’ s account r esides. 6 Click the lock and enter the name and passwor d of a director y domain administrator .
70 Chapter 4 Setting Up User Accounts W ork ing with P rivileges Y ou can give a user account full or limit ed control ov er domain administration. When giving limited administrative con trol, you can choose which users and groups the user can administer , and what k ind of contr ol the user has over those users and groups.
Chapter 4 Setting Up User Accounts 71 The following tasks ar e available t o limited administrators: If you give a user differ ent administrative capabilities at sev eral account levels , the capabilities are merged .
72 Chapter 4 Setting Up User Accounts Giving a User F ull Administrativ e Capabilities A user with full administrative capabilities is also known as a directory domain administrator .
Chapter 4 Setting Up User Accounts 73 Allowing a User t o Log In to More Than One C omputer A t a Time Y ou can allow a managed user to log in to mor e than one managed computer at a time, or you can preven t the user from doing so. Note: Simultaneous login is not recommended for most users .
74 Chapter 4 Setting Up User Accounts 4 T o specify the user’ s default shell when logging in to a Mac OS X computer , choose a shell from the Login Shell pop-up menu . T o specify a shell that doesn ’t appear in the list, choose Custom and then en ter the path to the shell.
Chapter 4 Setting Up User Accounts 75 If you choose Shadow P assword, you can also select authentication methods by clicking Securit y . 6 Click Save . Creating a Master List of K eywords Y ou can define keywords that enable quick searching and sorting of user accounts.
76 Chapter 4 Setting Up User Accounts T o work with keywor ds for a user account: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with. T o select the account, click the globe icon, choose the director y domain where the account re sides, and then select the user account in the accounts list.
Chapter 4 Setting Up User Accounts 77 W ork ing with Group Settings Group settings identify the groups a user belongs t o. In W orkgroup Manager , use the Group Settings pane in the user ’ s acc ount to work with gr oup settings. F or information about how to administ er group accounts , see Chapter 5 , “Setting Up Group Accoun ts.
78 Chapter 4 Setting Up User Accounts W orkgroup Manager displays long and short names for the group after y ou enter a primar y gr oup ID (if the group exists and is accessible in the search policy of the server you ’ re logged in to).
Chapter 4 Setting Up User Accounts 79 T o add a user to a group using W orkgroup Manager: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with. T o select the account, click the globe icon, choose the director y domain where the account re sides, and then select the user account in the accounts list.
80 Chapter 4 Setting Up User Accounts W ork ing with Mail Settings Y ou can create a mail accoun t by specifying mail settings in the user account. T o use the mail ser vic e account, the user configures a mail client to iden tify the user name, password , mail service, and mail protocol you specify in the mail settings .
Chapter 4 Setting Up User Accounts 81 Disabling a User’ s Mail Service Y ou can use Workgroup Manager to disable mail service for users whose accounts ar e stored in an Open Directory domain, the local director y domain, or other read/write director y domain.
82 Chapter 4 Setting Up User Accounts In W orkgroup Manager , use the Print Quota pane in the user account to w ork with print quota settings. Enabling a User’ s A ccess to All A vailable P rint Queues Y ou can use Workgroup Manager to allow a user t o print to all or some of the accessible Mac OS X print queues that enf orce quotas.
Chapter 4 Setting Up User Accounts 83 6 T o give the user unlimited printing rights t o the queue, select “Unlimited prin ting”; other wise , select “Limit to ” and specify the maximum number of pages the user can print in a specific number of da ys.
84 Chapter 4 Setting Up User Accounts 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 Click Print Quota.
Chapter 4 Setting Up User Accounts 85 Other users can view the information in this pane when they view the user account in W orkgroup Manager and Directory . T o change a user’ s info: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with.
86 Chapter 4 Setting Up User Accounts T o change the Windows roaming profile location for a user accoun t: 1 In W orkgroup Manager , click Accounts. 2 Open the user account whose profile location y ou want to change. T o open a user account in the PDC, click the globe icon and choose the PDC ser ver’ s LDAP director y .
Chapter 4 Setting Up User Accounts 87 Enter the relativ e path to a login script in /etc/netlogon/ on the PDC server . F or example, if an administrator places a script named setup .bat in /etc/netlogon/, the Login Script field should con tain “setup .
88 Chapter 4 Setting Up User Accounts T o view a user or group GUID: 1 In W orkgroup Manager , click Accounts. 2 Make sure the director y services of the Mac OS X Ser ver comput er you ’ re using are configured to acce ss the director y domain. 3 Click the globe icon and then choose the domain where the account r esides.
5 89 5 Setting Up Group Acc oun ts This chapter t ells you how t o set up , edit, and manage group accounts . A group account off ers a simple way to manage a collection of users with similar needs. Y ou can also create group f olders, which provide an easy way f or group members to share files with each other .
90 Chapter 5 Setting Up Group Accounts Where Group A ccounts Ar e Stored Group accounts can be st ored in any Open Directory domain. A director y domain can reside on a Mac OS X computer (f or example, an Open Director y domain) or it can reside on a non-Apple server (for example , an LDAP or Active Director y server).
Chapter 5 Setting Up Group Accounts 91 Administ ering Group Acc ounts W orkgroup Manager lets you administer group acc ounts stored in multiple directory domains. Creating Group A ccoun ts T o create a group accoun t in a director y domain, you must have domain administrat or privileges.
92 Chapter 5 Setting Up Group Accounts Y ou can also use a preset or an import file to create a group . For details , see “Creating a Pr eset for Group A ccounts ,” and the appendix, “Importing and Expor ting Account Inf ormation.” Fr om the Command Line Y ou can also create a group acc ount using the dseditgroup command in T erminal.
Chapter 5 Setting Up Group Accounts 93 4 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 5 Click the Groups button and select the group you want t o work with. 6 Edit settings for the group in the pane s provided .
94 Chapter 5 Setting Up Group Accounts 5 T o create a group , click the Groups butt on. 6 In the Members pane, click the Add (+) button to open a draw er that lists the users and groups defined in the directory domain you’ re working with.
Chapter 5 Setting Up Group Accounts 95 T o work with read-only gr oups: 1 In W orkgroup Manager , click Accounts. 2 Make sure that the director y services of the Mac OS X Ser ver comput er you’ re using are configured to acce ss the director y domain where the acc ount resides .
96 Chapter 5 Setting Up Group Accounts Because long group names support various character sets, the number of characters for long group names can range fr om 25 5 Roman charac ters t o as few as 63 characters (for character sets in which characters occupy up to 4 bytes).
Chapter 5 Setting Up Group Accounts 97 Y ou can use Workgroup Manager to edit the ID f or a group account stor ed in an Open Director y domain or the local domain, or to review the group ID in an y director y domain accessible from the server you ’ re using .
98 Chapter 5 Setting Up Group Accounts Enabling a Group ’ s W eb S ervices Mac OS X Ser ver v1 0.5 includes Groups, a feature that allows groups t o easily create a collaborative websit e. This website uses calendar , wik i, and blog technology to streamline group communication.
Chapter 5 Setting Up Group Accounts 99 5 Select the ser vices you wan t to enable. Y ou can only select ser vices that ar e not disabled by your web server . 6 Choose who can view the group website b y using the “ can view these ser vices ” pop-up menu.
100 Chapter 5 Setting Up Group Accounts 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 In the Members pane, click the Add (+) button to open a draw er that lists the users and groups defined in the directory domain you’ re working with.
Chapter 5 Setting Up Group Accounts 101 F or example, to set a multimedia lab computer specifically f or a movie-editing class, you could set Dock pref erences for the mo vie-editing workgroup to dis play only iMovie and the group folder .
102 Chapter 5 Setting Up Group Accounts  Setting up login preference s so that users can click Computer in the F inder to see the group folder share poin t and the group folders in it. F or instructions, see “Pr oviding Easy Access t o the Group Share P oint ” on page 1 99.
Chapter 5 Setting Up Group Accounts 103 6 In the Owner Name fields, enter the shor t name and long name of the user you wan t to assign as the owner of the group folder so the user can act as group f older administrator . T o choose an owner from a list of users in the curren t director y domain, click the Browse (.
104 Chapter 5 Setting Up Group Accounts.
6 105 6 Setting Up Comput ers and C omputer Gr oups This chapter t ells you how t o set up and manage individual computers and gr oups of computers. T o manage an individual computer , you must create a computer account. T o manage a group of computers , you must creat e a computer group composed of comput er accounts or of other computer gr oups.
106 Chapter 6 Setting Up Computers and Computer Groups When a computer starts up, Mac OS X tries to match the computer’ s Ethernet address with a computer account. If a matching computer accoun t is found , the computer uses the managed preferenc es for that comput er account and the computer groups it belongs to .
Chapter 6 Setting Up Computers and Computer Groups 107 If keywords that you want to associate ar en ’t listed in the master keyword list, click Edit Keywords, click the Add (+) button, enter a name for the keyword , and click OK. Select the k eywor ds you want to associate with the c omputer and click OK.
108 Chapter 6 Setting Up Computers and Computer Groups Important: Don ’t create computer accounts f or Windows 2 000 or Windows XP computers. If you do so , they may not be usable f or domain login. Instead , use the Windows software on these computers t o join them to the Windows domain.
Chapter 6 Setting Up Computers and Computer Groups 109 Â A computer group is a group of c omputers that have the same pr eference settings and are av ailable to the same users and groups. Â Y ou can add up to 2000 c omputers to a computer gr oup. Y ou can create hierarchical gr oups to manage computers with Mac OS X v1 0.
110 Chapter 6 Setting Up Computers and Computer Groups Using presets , you can easily set up multiple computer groups that use similar settings. Howev er , you can only use presets when creating a c omputer group . Y ou can’t use a preset to change a comput er group .
Chapter 6 Setting Up Computers and Computer Groups 111 4 Click the Computer Gr oups button (on the left) and then click Basic. 5 F rom the Pre sets pop-up menu, choose a preset. 6 Choose Ser v er > New Computer Group (or click New C omputer Group in the toolbar).
112 Chapter 6 Setting Up Computers and Computer Groups 5 Click the Remove (–) button and then click Sa ve. Deleting a Computer Gr oup If you no longer need a computer group , y ou can use W orkgroup Manager to delete it. T o delete a computer gr oup: 1 In W orkgroup Manager , click Accounts.
7 113 7 Setting Up Home F olders This chapter pr ovides guideline s for setting up and managing home folders . Mac OS X uses the home folder—a folder f or a user’ s personal use—to store the user ’ s application preferenc es and personal files, like documents and music.
114 Chapter 7 Setting Up Home Folders The home folder y ou designate in the Home pane can be used when logging in from a Windows workstation or a Mac OS X computer . This can be helpful for a user whose account re sides on a ser v er that is a Windows primary domain controller (PDC).
Chapter 7 Setting Up Home Folders 115 The default share poin t for Windows home folders is the same as the share point f or Mac OS X home folders. The default share poin t for user profile s is the /Users/Profile s/ folder on the PDC and BDC servers. ( This SMB share poin t is not shown in W orkgroup Manager .
116 Chapter 7 Setting Up Home Folders Step 3: Create the user accoun ts in the shared domain on the accounts server F or information about specifying which shar e point is used for a user’ s home folder , see “ Administering Home F olders” on page 1 2 1.
Chapter 7 Setting Up Home Folders 117 Setting Up an Automoun table AFP Share P oint for Home F olders Y ou can use Ser v er Admin to set up an AFP share poin t for home folders .
118 Chapter 7 Setting Up Home Folders 11 Click Prot ocol Options. 12 In AFP , select “Share this item using AFP” and “ Allow AFP guest access .” When you enable guest acce ss, it is enabled for all home folders in the share point. By default, in home folders guests can only access /P ublic and /Sites f olders.
Chapter 7 Setting Up Home Folders 119 3 T o view a list of available services, use the disclosure triangle next to your server . If Ser ver A dmin doesn ’t list the NFS service, click the Add (+) button, choose Add Ser vice , select NFS, and then click Save.
120 Chapter 7 Setting Up Home Folders  Set the default permissions for new files and f olders in the share point SMB share points can ’t be used for Mac OS X home folders , but can be used for Windows home folders . Note: Don ’t use a slash (/) in the name of a folder or v olume you plan to share .
Chapter 7 Setting Up Home Folders 121 Important: Do not enable oplocks for a shar e point that’ s using a protocol other than SMB. F or more information on oplocks , see F ile Ser vice s Administration . Â T o set standard locks on server files, selec t “Enable stric t locking.
122 Chapter 7 Setting Up Home Folders T o open a director y domain, click the globe icon and choose from the pop-up menu. T o authenticate , click the lock. 3 Click the Users button and select one or more user accounts . 4 Click Home and select (None) from the list.
Chapter 7 Setting Up Home Folders 123 8 Click Create Home Now and then click Sa ve. If you do not click Create Home Now bef ore clicking Save , the home folder is creat ed the next time the user logs in remotely . However , only cer tain clien ts can connect to ser v ers hosting share points in the local domain.
124 Chapter 7 Setting Up Home Folders 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 Click Home; then in the share points list select the share point you wan t to use.
Chapter 7 Setting Up Home Folders 125 The share point f or a local user account’ s home folder should reside in an AFP shar e point on the server where the user account reside s. T his share point does not need t o be automountable—that is , it does not r equire a network mount r ecord in the director y domain.
126 Chapter 7 Setting Up Home Folders F or example, to create a home folder f or a user named Smith, in a custom location of /Homes/T eachers/SecondGrade/, enter “ T eachers/SecondGrade/Smith.” Make sure the custom location folder exists . Do not put a slash (/) at the beginning or the end of the path.
Chapter 7 Setting Up Home Folders 127 Note: Home folders are creat ed the first time a user logs in only on share points served through an AFP or SMB server .
128 Chapter 7 Setting Up Home Folders  Optionally , enter a disk quota f or the user ’ s home f older and specify megabyte s (MB) or gigabytes (GB). Important: This quota also applie s to the user ’ s roaming profile if it ’ s on the same volume as the home folder .
Chapter 7 Setting Up Home Folders 129 Setting Disk Quotas Y ou can limit the disk space users ha ve av ailable to store files in the v olume where their home folders reside . This quota applies to all files that the user st ores in the volume wher e his or her home folder reside s, including all files stored in the user’ s drop box.
130 Chapter 7 Setting Up Home Folders Setting Disk Quotas for Windows Users to A void Data L oss A disk quota that applies to a Windows user’ s roaming profile folder must be lar ge enough to cov er the user ’ s expected data storage needs f or a work session.
8 131 8 Manag ing P or table C omputers This chapter pr ovides inf ormation about tools a v ailable to manage por table comput ers. Mac OS X Ser ver allows y ou to create and manage mobile accoun ts for users of portable computers. About Mobile Acc ounts If your organization uses portable computers, assign mobile accounts to users.
132 Chapter 8 Managing Portable Computers About P or table Home Directories A portable home direc tory is a synced subset of a user ’ s local and network home folders. Y ou can configure which f olders to sync and how often to sync them. Users can also initiate syncing .
Chapter 8 Managing Portable Computers 133 Logging In t o Mobile Accoun ts If a user has created a portable home director y , logging in to a mobile account is similar to logging in to a local accoun t. F irst, the user selec ts his or her accoun t and then enters the corr ect password to complete the login.
134 Chapter 8 Managing Portable Computers Resolving Sync C onflic ts When a user ’ s file s and folders sync, a sync conflict can occur if a file in the user ’ s local home folder and the network home f older have tw o versions of a file and it is not clear which one should be saved .
Chapter 8 Managing Portable Computers 135 All mobile accounts on Mac OS X v1 0.5 or later (including ex t ernal accounts) can use FileV ault to encrypt the contents of the local home folder . For more inf ormation, see “Enabling FileV ault for Mobile A ccounts ” on page 205.
136 Chapter 8 Managing Portable Computers Consider ations and Strategie s for Deplo ying Mobile Accoun ts Before y ou deploy mobile accounts , carefully weigh the adv antages and disadv antages of using mobile accounts and strategiz e how you will configure them.
Chapter 8 Managing Portable Computers 137 Mobile accounts cache temporary files locally , improving network and individual computer performance. Locally caching files like webpages helps reduc e network traffic. Y ou can also reduce network traffic b y carefully planning user sync settings.
138 Chapter 8 Managing Portable Computers Consider the f ollowing: Â Improperly set sync settings can cause long dela ys during login and logout and can create inconsisten t home folders. Â If multiple users create a mobile account on the same comput er , it could cause excessiv e proliferation of home f olders.
Chapter 8 Managing Portable Computers 139 Mobile accounts can ’t restor e deleted files through syncing Although mobile accounts keep user files stored in tw o locations—in local and network home folders—they do not eliminat e the need for a formal backup syst em.
140 Chapter 8 Managing Portable Computers  The user uses the same mobile accoun t to log in to two comput ers simultaneously . This might create sync issue s with the two computers , causing the computers t o display err or messages.
Chapter 8 Managing Portable Computers 141 Create at least one local administrator accoun t and create local user accounts as needed. Make sure the users’ local account names are not easily confused with the users’ network names.
142 Chapter 8 Managing Portable Computers F or more information about setting up a guest c omputer account f or Mac OS X users, see “ W ork ing with Gue st Computers ” on page 1 07.
Chapter 8 Managing Portable Computers 143 When using a wireless mobile lab , it is v er y difficult t o control who uses s pecific computers. Unlike personal por table computers (wher e you know who u.
144 Chapter 8 Managing Portable Computers Because multiple users can store it ems in the local home folder for a generic acc ount, you might want to periodically clean out that f older as part of your maintenance routine.
Chapter 8 Managing Portable Computers 145 If you enable the option, a ser ver daemon updates the database of changed file s. T he user ’ s c omputer scans only the folders in the local home f older that have been modified since the last time the database was updated .
146 Chapter 8 Managing Portable Computers.
9 147 9 Client Man agemen t O v er view This chapter pr ovides an in troduction to Mac OS X client management. Client management is the cen tralized administration of your users ’ c omputer experience, as shown in the following illustration.
148 Chapter 9 Client Management Overview Using Netw ork-Visible Resources Mac OS X Ser ver lets y ou make various resourc es visible throughout your netw ork so users can access them from diff erent computers and v arious locations. There are sev eral key network-visible resource s: Â Network home folders .
Chapter 9 Client Management Overview 149 Cust omizing the User Experience Y ou manage a network user’ s work environmen t by defining prefer ences—settings that customize and con trol the user ’ s computer experience. There are tw o panes in Workgroup Manager P referenc es: Overview and D etails .
150 Chapter 9 Client Management Overview Designing the Login Experienc e An example of the power of pref erence management is the ability to shape and contr ol the user ’ s login experienc e. Y ou can set up Login prefer ences for comput ers and computer groups to c ontrol the appearance of the login window .
Chapter 9 Client Management Overview 151 Choosing a W orkgroup In addition to customizing the login window , you can manage login pref erences that affect whether users choose workgroups.
152 Chapter 9 Client Management Overview Any pref erences associated with the user , the chosen workgroup , parent workgroups, and the computer being used , tak e eff ect upon login. If you manage login access pref erences , you can customize the workgroup choosing process .
Chapter 9 Client Management Overview 153 Applications can be stored locally on a c omputer ’ s har d disk or on a ser v er in a share point. If applications are stored locally , users can find them in the Applications folder .
154 Chapter 9 Client Management Overview.
10 155 10 Manag ing Pr efer ence s This chapter pr ovides inf ormation about managing pref erences f or users, workgroups , computers , and computer groups.
156 Chapter 10 Managing Preferences Understanding Managed Pr eferenc e Inter actions Y ou can define prefer ences for user accoun ts, group accounts, computers , and computer groups that are set up in a shar ed director y domain. Dock Dock location, behavior , and items .
Chapter 10 Managing Preferences 157 A user whose account has defined pref erences is ref erred to as a managed user . An individual computer , or a computer that is a member of a computer group with defined preferenc es, is called a managed computer .
158 Chapter 10 Managing Preferences Y ou could set up Media Acce ss preference s for workgr oups or computer groups to limit all students ’ acce ss but override these r estrictions for lab assistants using Media Access settings at their user acc ount level.
Chapter 10 Managing Preferences 159 Computer gr oup preference s also offer a way to manage the pr eference s of users who don ’t hav e a network account but who can log in t o a Mac OS X comput er using a local account. ( The local acc ount, defined using the Accounts pane of System Pr eferences , resides on the user ’ s c omputer .
160 Chapter 10 Managing Preferences  Once is available f or some prefer ences. Y ou can create defa ult preferenc es, which users can then modify and keep the modifications. T hese prefer ences are effectively unmanaged. F or example, you could set up a group of computers t o display the Dock in a certain way the first time users log in.
Chapter 10 Managing Preferences 161 Managing preference s means you can contr ol settings for certain system preference s in addition to controlling user acc ess to system pref erences , applications, printers , and remov able media.
162 Chapter 10 Managing Preferences 5 In each Pr eference pane , selec t a Manage option. In Media Access , the management setting applies t o all preference s rather than to individual panes. 6 Select preference settings or fill in information y ou want to use.
Chapter 10 Managing Preferences 163 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator .
164 Chapter 10 Managing Preferences Y ou can use the Once setting to creat e default settings. These are settings that, when saved , take effect the next time users log in. Users can then modify their settings and save their modified settings f or future use.
Chapter 10 Managing Preferences 165 Â If you don ’t manage the Applications pane , L egacy settings tak e eff ect for any version of Mac OS X. Â If your users run Mac OS X v1 0.
166 Chapter 10 Managing Preferences Applications that include helper applications are denoted b y a disclosure triangle. When you click the disclosure triangle , you’ll see a list of helper applications. By default, these helper applications are allow ed to open.
Chapter 10 Managing Preferences 167 6 Select “Restrict which applications are allow ed to launch.” 7 Click the Applications tab (within the Applications pane), click the Add (+) button, choose an application you want to alwa ys allow , and then click Add .
168 Chapter 10 Managing Preferences 8 T o prevent users fr om opening specific widgets, select the widget and click the Remove (–) button. 9 Click Apply Now . Disabling F ront Ro w With W orkgroup Manager , you can disable Fron t Row . T o disable F ront Row: 1 In W orkgroup Manager , click Preferenc es.
Chapter 10 Managing Preferences 169 Allowing UNIX tools enhances application c ompatibility and efficient operation, but may decrease security . If you don ’t manage Applications settings f or computers running Mac OS X v1 0.5 or later , Legac y settings ar e used.
170 Chapter 10 Managing Preferences The table below describe s what settings in each Classic pane can do. Selec ting Classic Startup Options W orkgroup Manager provides a number of wa ys to control ho w and when the Classic environmen t star ts .
Chapter 10 Managing Preferences 171 8 Click Apply Now . Choosing a Classic Syst em F older In most cases, there is only one Mac OS 9 System F older on a computer , and it is on the Mac OS X star tup disk. In this case, you don ’t need to s pecify a Classic System F older .
172 Chapter 10 Managing Preferences Y ou can allow users to perform special actions, such as turning off ex t ensions, star ting or restarting Classic, or rebuilding the Classic desktop file, from the Advanc ed pane of Classic system prefer ences. Y ou might want to allow this for specific users , such as members of your technical staff .
Chapter 10 Managing Preferences 173 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
174 Chapter 10 Managing Preferences Maintaining C onsistent U ser Pr eference s for Classic Ordinarily , Classic looks for a user’ s Mac OS 9 preferences data in the Mac OS 9 Sy stem F older .
Chapter 10 Managing Preferences 175 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
176 Chapter 10 Managing Preferences 5 Click Dock and then click Dock I tems . 6 Set the management setting to Once or Always . If you select Once, the group folder icon appears in the user’ s Dock initially , but the user can remove it. 7 Select “ Add group f older .
Chapter 10 Managing Preferences 177 The My Applications folder c ontains aliases for appr oved applications listed in the Applications pref erence pane. If you do not manage the Applications prefer ence, available applications ar e shown. If you enable Simple Finder , you should display the My Applications folder .
178 Chapter 10 Managing Preferences The table below summarize s what you can control with settings in each Ener gy Saver pane. Using Sleep and W ake Settings for Desktop C omputers Putting a comput er to sleep save s energy because it turns off the displa y and stops the hard disk from running .
Chapter 10 Managing Preferences 179 7 T o set wake and restart settings, choose Options from the Settings pop-up menu and do the following: 8 Click Apply Now . T o manually wake up a sleeping computer or display , the user can click the mouse or press a key on the keyboard.
180 Chapter 10 Managing Preferences 6 T o adjust sleep settings, choose Sleep from the Settings pop-up menu and do the following: 7 T o set wake and restart settings, choose Options from the Settings pop-up menu and do the following: 8 Click Apply Now .
Chapter 10 Managing Preferences 181 Users should be encouraged to monitor batt er y status when not connected to external power and use a pow er adapter when possible to maintain a fully char ged battery. T o show battery status in the menu bar: 1 In W orkgroup Manager , click Preferenc es.
182 Chapter 10 Managing Preferences 8 Click Apply Now . Managing F inder P refer ences Y ou can control v arious aspects of Finder menus and windo ws, which can help improve or control w orkflow . F or example, you can simplify the user experience by enabling Simple F inder .
Chapter 10 Managing Preferences 183 T o turn on Simple F inder: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator .
184 Chapter 10 Managing Preferences 4 Click Finder , click the Pref erences tab , and then select a management setting. 5 Under “New Finder window shows ,” choose the default folder f or the Finder window . Select Home to show items in the user ’ s home f older .
Chapter 10 Managing Preferences 185 5 Select “ Always show file extensions.” 6 Click Apply Now . Con trolling User A ccess t o Remote Ser v ers Users can connect to a remote server by choosing the “Connect to Ser v er ” command in the Finder Go menu and pr oviding the server ’ s name or IP address .
186 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
Chapter 10 Managing Preferences 187 4 Click Finder , click Commands, and then set the management setting to Always. 5 Deselect “Go to Folder .” 6 Click Apply Now .
188 Chapter 10 Managing Preferences 8 Click Apply Now . Adjusting the Ap pearance of F inder Windo w Con tents Items in Finder windows can be view ed in a list or as icons. Y ou can control aspects of how these items look, as well as whether to show the toolbar in a F inder window.
Chapter 10 Managing Preferences 189 Managing Login P reference s Use Login pr eferences t o set options for user login, to provide password hin ts, and to control the user’ s ability to restar t and shut do wn the computer from the login window . Y ou can also mount a group volume or set applications to open when a user logs in.
190 Chapter 10 Managing Preferences The directory administrator account is considered a network accoun t, and is therefore hidden when you don ’t show network users. Another way to hide this account w ould be to set the directory administrator account’ s user ID to below 1 00.
Chapter 10 Managing Preferences 191 T o ensure that a type of user doesn ’t show up in the list, deselect the corresponding setting. T o display mobile accoun ts on client computers with Mac OS X v1 0.5 or later , select “Show mobile accounts .” T o display mobile accoun ts on client computers with Mac OS X v1 0.
192 Chapter 10 Managing Preferences T o configure miscellaneous log in options: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
Chapter 10 Managing Preferences 193 Note: A user with an administrator account in a clien t computer’ s local direc t or y domain can always log in. T o choose who can log in: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
194 Chapter 10 Managing Preferences The follo wing access options control w orkgroup settings at login. T o customize the w orkgroups displa yed at log in: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
Chapter 10 Managing Preferences 195 When enabling the use of login and logout scripts, you can set a trust value for the client. T rust values determine the required level of a uthentication befor e a client trusts a ser v er enough to run its scripts.
196 Chapter 10 Managing Preferences 4 Click Edit. 5 If the local host name contains special nonalphabetic or non-numeric characters such as spaces , dashes, and underscores , remove the special characters and then click OK. F or example, change local host names like “ Anne-Johnson ’ s-Computer” to “ AnneJohnsonsComputer .
Chapter 10 Managing Preferences 197 Y ou can ’t run scripts that are lar ger than 30 KB . T o choose login or logout scripts: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon.
198 Chapter 10 Managing Preferences The application remains open but its windows and menu bar remain hidden un til the user activates the application (for example , b y clicking its icon in the D ock). 8 T o automatically connect the user to a server , select the ser ver and then select “Mount share point with user’ s name and password.
Chapter 10 Managing Preferences 199 T o automa tically mount the Network Home: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
200 Chapter 10 Managing Preferences If you don ’t want the gr oup share point to appear in the Dock, selec t the Hide checkbox. 9 Make sure “Mount share point with user ’ s name and password” is selec ted .
Chapter 10 Managing Preferences 201 Con trolling Acc ess to Hard Driv es, Disks, and Disk Images Y ou can control acc ess to internal or external disk driv es such as floppy disk drives , Zip drives , and F ireWire drives . Y ou can also control access to disk image s (files with the .
202 Chapter 10 Managing Preferences 6 In Disc Media or Other M edia, select “Eject all remov able media at logout.” 7 Click Apply Now . Managing Mobility Pref erence s Y ou can automatically creat e mobile accounts for users during their next login.
Chapter 10 Managing Preferences 203 Note: When a mobile account is enabled , it appears in the login window and in the Accounts pane of S ystem P reference s with the label Mobile . When the acc ount is selected in the Accounts pane , some settings may appear dimmed.
204 Chapter 10 Managing Preferences After a user creates a mobile acc ount, the local home folder for that account sta ys on the computer until it’ s deleted . Y ou can delete the local home folders to sa ve disk space , or you can set an expiration period on the mobile account so the local home folders are deleted when the acc ount expires .
Chapter 10 Managing Preferences 205 6 Choose one of the following home f older options and then click OK. Enabling F ileV ault for Mobile A ccounts If your users have c omputers with Mac OS X v1 0.5 or later installed , y ou can use FileV ault to encrypt the local home folders for their mobile accounts .
206 Chapter 10 Managing Preferences Additionally , if you make the maximum size of the local home folder smaller than the network home disk quota, you can provide more flexibility for handling files with sync conflicts. If a mobile account is protected with F ileV ault, the user must be logged in to share files using File Sharing .
Chapter 10 Managing Preferences 207 Selecting the Location of a Mobile Accoun t Y ou can select the location of a mobile account’ s local home folder or you can let the user select the location. If you select the location, choose from one of the following .
208 Chapter 10 Managing Preferences 4 Click Mobility , click A ccount Creation, click Creation, and then set the management setting to Always. 5 Select “Cr eate mobile account when user logs in to netw ork account.” This option must be selected to enable a mobile account f or the selected account.
Chapter 10 Managing Preferences 209 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
210 Chapter 10 Managing Preferences T o set an expiration period: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
Chapter 10 Managing Preferences 211 Pr ecede the folder with ~/ to denote the location of the sync ed folder in the user’ s home folder . For example , to sync the user’ s Documents folder , enter ~/Documents. 8 Alternatively , click the Browse (.
212 Chapter 10 Managing Preferences 9 Click Apply Now . Setting the Background Sync F requenc y Y ou can change the frequency of syncing for background folders . By default, background folders sync ev er y 2 0 minutes. Y ou can set frequencies from 5 minutes to 8 hours.
Chapter 10 Managing Preferences 213  Enabling background , login, and logout sync  Selecting what is synced  Setting the sync frequency  Enabling the mobile account status menu If you disable the mobile account status menu , the user can still configure his or her mobile account in the Acc ounts pane of System P references.
214 Chapter 10 Managing Preferences Y ou must assign a single server for every t ype of pro xy ser ver (f or example, you can ’t have multiple FTP pr oxy ser vers). T o configure pro x y servers for a user or a group: 1 In W orkgroup Manager , click Preferenc es.
Chapter 10 Managing Preferences 215 Â A domain name, such as apple.com. This bypasses apple .com but not subdomains such as store.apple .com. Â An entire websit e including all subdomains, such as *.apple.com. Â A subnet in Classless Inter-Domain Routing (CIDR) notation.
216 Chapter 10 Managing Preferences 5 Set the management setting to Always. 6 Select Disable Internet Sharing. 7 Click Apply Now . Disabling AirP or t If you disable AirP or t, it is disabled the nex t time a comput er retrieves managed preferenc es. If the computer had active AirP or t connections , they are immediately disconnected.
Chapter 10 Managing Preferences 217 Managing P aren tal Con trols P refer ences P arental C ontrols pref erences allow y ou to hide profanity in Dictionar y , limit access to websites , or set time limits or other contraints on computer usage. T o manage P arental Contr ols preference s, computers must have Mac OS X v1 0.
218 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
Chapter 10 Managing Preferences 219 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator .
220 Chapter 10 Managing Preferences If you set a time limit for comput er usage, users who meet their daily time limits can’ t log in until the next day when their quota is reset. Y ou can set different time limits for weekdays (Monda y through F riday) and weekends (Saturday and Sunda y).
Chapter 10 Managing Preferences 221 Making Printers A vailable t o Users T o give users access to printers, you must first set up a printer list. Then you can allow specific users or groups to use prin ters in that list. Y ou can also make printers av ailable to computers .
222 Chapter 10 Managing Preferences 6 Click Print er List. 7 Deselect “ Allow user to modify the printer list.” 8 Click Apply Now . Restricting Access t o Prin ters Connected to a C omputer In some situations, you might want only certain users to print to a printer c onnected directly to their computer .
Chapter 10 Managing Preferences 223 4 Click Printing and then click P r in ters. 5 Set the management setting to Always. 6 Click Access . 7 Select a printer listed in User’ s Printer List and then click Make Default.
224 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups.
Chapter 10 Managing Preferences 225 If a user can see a par ticular pref erence , it does not mean the user can modify that preferenc e. Some preferences , such as Star tup Disk prefer ences, require an administrator name and password bef ore a user can modify its settings.
226 Chapter 10 Managing Preferences Time Machine is most appropriate for backing up computers with primarily local accounts. It is also useful if users have administrative contr ol over the comput er and can install their own applications. Y ou can limit the total backup storage per comput er .
Chapter 10 Managing Preferences 227 Managing Universal A ccess P reference s Universal Acc ess settings can help improve the user experienc e for some users. For example, if a user has difficulty using a computer or wants to work in a differ ent way , you can choose settings that enable the user to work mor e effectively .
228 Chapter 10 Managing Preferences T o adjust screen appearance: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
Chapter 10 Managing Preferences 229 Sticky Keys help users who can’t pr ess multiple keys simultaneously . It treats a sequence of modifier keys (Shift, Command , Option, and C ontrol) like a key combination. For example , to press C ommand-O , users can pre ss Command and then O .
230 Chapter 10 Managing Preferences T o turn off the key-combination aler t , deselect “Beep when a modifier k ey is set.” T o turn off onscreen display of keystrokes , deselec t “Show pressed keys on screen.” 7 T o activate Slow Keys, select Slow Keys On.
Chapter 10 Managing Preferences 231 T o allow Universal A ccess Shortcuts: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated .
232 Chapter 10 Managing Preferences F or example, in Safari you can disable Jav aScript by setting the Jav aScript Enabled key to “false.” If you sav e this key in the O ften gr oup, the user can enable JavaScript during their current login session but Ja vaScript is disabled when the user logs out and logs in again.
Chapter 10 Managing Preferences 233 When you use your own application pr eference s, you can choose the management frequency applied to those preference s: Some applications use ByHost preferenc es. These pref erences apply to a s pecific user for a specific c omputer .
234 Chapter 10 Managing Preferences 8 Click Add . 9 If you ’ re asked to replace the manif est, click Replace to replace the manifest. Replacing the manifest changes the underlying manif est file for the application but it doesn ’t change existing managed preferences .
Chapter 10 Managing Preferences 235 3 Select one or more users, groups, computers , or computer groups. 4 Select an item in the list and click the Edit (pencil) button.
236 Chapter 10 Managing Preferences Using the P referenc e Editor to Man age Core Services Y ou can add several important manifests by adding a single cor e ser vic es bundle. These manifests allow managemen t of many featur es that are unav ailable through the main preferenc e editing interface.
Chapter 10 Managing Preferences 237 T o add the core services bundle to the pref erence editor list: 1 In W orkgroup Manager , click Preferenc es and then click Details. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon.
238 Chapter 10 Managing Preferences 4 Click the Add (+) button, select /Applications/Safari, and then click Add . The pref erence manifests included with older v ersions of Safari don ’t hav e as many configurable prefer ences as the Safari version included with Mac OS X v1 0.
11 239 11 Solving P roblems If you encoun ter problems as y ou work with W orkgroup Manager , you ma y find a solution in this chapter . If the answer to your question isn ’t here , try searching W orkgroup Manager Help for new topics. Y ou can also search the Apple Service & Suppor t w ebsite for inf ormation and solutions at www .
240 Chapter 11 Solving Problems Y our computers should be on the same time zone . I f they ar e not on the same time zone , send the following UNIX c ommand: sudo systemsetup -settimezone ‘US/Pacific’ F or other time zones , see the man page for systemsetup .
Chapter 11 Solving Problems 241 The resulting log should ha ve an answer section, which displays the IP address of your Open Director y mast er ser v er . If there is no answ er section, or if the IP address is incorrect, per form further analysis on your DNS ser vic e.
242 Chapter 11 Solving Problems 3 On a client computer , open Network Utility , click Inf o , and then select the network interface that connects to your network. If the displayed IP addr ess is not in your range of supplied addresse s, the computer is not receiving an IP address thr ough your DHCP service.
Chapter 11 Solving Problems 243 An administrator account in the comput er ’ s local dir ector y domain can ’t be used to authenticate as an administrat or of a shared LDAP directory.
244 Chapter 11 Solving Problems  If the user ’ s accoun t resides in a directory domain that is not available , create a user account in a directory domain that is available.  Make sure the client software encodes the password so it is r ecognized correctly .
Chapter 11 Solving Problems 245 If Users Can ’t Log In with A ccoun ts in a Shared Directory D omain Users can ’t log in using accoun ts in a shared directory domain if the ser ver hosting the director y isn ’t accessible. A server can become inaccessible due to a problem with the network, the ser ver software , or the server hardware.
246 Chapter 11 Solving Problems If a Windows User Has No Home F older If a user ’ s home f older isn ’t mounted in Windows, verify the following: Â Make sure the correct home folder location is selected in the Home pane of W orkgroup Manager . Â Make sure the home folder path is correct in the Windows pane of W orkgroup Manager .
Chapter 11 Solving Problems 247 Â If the drive letter chosen for the user might be c onflicting with a drive letter in use on the Windows workstation, change the drive letter setting in the Windows pane of W orkgroup Manager or change the mappings of other drive letters on the workstation.
248 Chapter 11 Solving Problems F or example, suppose the default application for viewing PDF files is P review . A user logs in and double-clicks a PDF file on his or her desktop . If the management settings that apply to the user don ’t provide access to P review , the file does not open.
Chapter 11 Solving Problems 249 Â If the user ’ s login list does not include an y items, all managed login items will open. If you do not select “M er ge with user ’ s it ems,” all login items on either list will open. If you select Once, a user can remove an y items added to their login list.
250 Chapter 11 Solving Problems If Users See a Message About an Unexpected Error When you manage Classic pref erences and try to use the Extensions Manager , File Sharing, or Software Update control panels , you might see a message that sa ys “ The operation could not be completed .
251 Appendix Impor ting and Expor ting Acc ount Informa tion Use W orkgroup Manager to impor t and export accounts, or use the dsimpor t command-line t ool to impor t acc ounts. Y ou can quickly impor t or export user , group , computer , and computer group accounts using W orkgroup Manager .
252 Appendix Importing and Exporting Account Information Limitations for Importing and Expor ting P asswords When creating or overwriting records , you must reset passw ords for user accoun ts with Open Director y or shado w passwords. Impor ting passw ords generally works if the password is a plain-text string in the import file.
Appendix Importing and Exporting Account Information 253 Archiving the Open Directory Master Instead of exporting and impor ting records as a backup of dir ector y data, you can archive and re store the Open Directory master ’ s directory and authentication data.
254 Appendix Importing and Exporting Account Information 6 T o indicate what to do when the short name of an account being impor t ed matches that of an existing account, select one of the Duplicate Handling options: Â “Over writ e existing record” overwrites any existing recor d in the director y domain.
Appendix Importing and Exporting Account Information 255 T o export accounts using Work group Manager: 1 In W orkgroup Manager , click Accounts. 2 Make sure that the director y services of the Mac OS X Ser ver y ou’ re using are configured to acce ss the desired directory domain.
256 Appendix Importing and Exporting Account Information The follo wing group account attributes might be pr esent in the XML files: Â Group name (required) Â Group ID (required) Â One member ’ s short name (required) Â Other members’ shor t names Using XML F iles Created with AppleShare IP 6.
257 Glossary Glossar y This glossary defines terms and spells out abbreviations you ma y encounter while working with online help or the various ref erence manuals for Mac OS X Server . Reference s to terms defined elsewhere in the glossary appear in italics.
258 Glossary computer accoun t A computer account st ores data that allows Mac OS X Server to identify and manage an individual computer . Y ou create a computer acc ount for each computer that you in tend to add to a computer gr oup. See also computer group .
Glossary 259 DNS Domain Name System. A distributed database that maps IP addresses to domain names. A DNS ser ver , also known as a name ser ver , keeps a list of names and the IP addresses associated with each name . drop box A shar ed folder with privileges that allow other users t o write to , but not read , the folder’ s contents .
260 Glossary GUID Globally unique identifier . A hexadecimal string that uniquely identifies a user account, group account, or computer list. Also used to provide user and group identity for access c ontrol list (ACL) permissions , and to associat e par ticular users with group and nested group memberships .
Glossary 261 local directory domain A direc t or y of identification, authentication, authorization, and other administrative data that’ s accessible only on the computer where it re sides. The local director y domain isn ’t accessible from other c omputers on the network.
262 Glossary multicast DNS A protocol dev eloped by Apple for a utomatic discov er y of comput ers, devices , and services on IP networks. Called Bonjour (previously Rendezvous) by Apple , this proposed Internet standar d protocol is sometimes r eferred to as Z eroConf or multicast DNS.
Glossary 263 POP P ost Office Prot ocol. A protocol for retrieving incoming mail. After a user retrieves POP mail, it ’ s stored on the user’ s computer and is usually deleted automatically fr om the mail ser v er . portable home direc tory A portable home direc t or y pro vides a user with both a local and network home folder .
264 Glossary scope A group of services. A scope can be a logical grouping of computers, such as all computers used by the production department, or a physical grouping, such as all computers located on the first floor . Y ou can define a scope as part or all of your network.
Glossary 265 T CP T ransmission Control P rotocol. A method used with the Internet P rotocol (IP) to send data in the form of message units betw een computers ov er the Internet.
266 Glossary.
267 Index Index A access ACLs 27, 29 Apple menu 172, 187 application 149, 153, 164, 165, 168, 177 control process 27, 32 disk 183, 185, 201 file 28, 247 folder 28, 38, 153, 186, 245 group 28, 103, 153.
268 Index B background synchronization 139, 212 backup account 252 Time Machine 150, 157, 225 vs. synchronization 139 backup domain controller. See BDC batch editing 51 batteries 177, 180 BDC (backup domain controller) 55, 57, 114, 245 Bluetooth 216 boot process.
Index 269 directories. See directory services; domains, directory; folders directory domain administrator 38, 72 directory services Active Directory 29, 35, 37, 57, 132 administrators for 23 preferenc.
270 Index command-line tools 103, 123 My Applications 177 synchronization of 210, 212 System 169, 171 See also group folders; home folders Front Row 165, 168 FTP (File Transfer Protocol) service 215 full name. See long name G GID (group ID) 27, 96 globally unique identifier.
Index 271 iDisk 185 images, disk. See disk images; NetBoot; NetInstall importing accounts 53, 68 authentication 252, 253 command-line tools 251 groups 253 GUID maintenance 252 overview 251 passwords 68, 252 users 253 XML files 255, 256 See also exporting Info settings 84 inheritance, file permission 93 inherited preferences 158 install images.
272 Index expiration periods 209 external accounts 134, 208 home folders 37, 121, 132, 133, 134, 135, 138, 152, 202, 204, 205, 207 local 136, 142 login 133, 134, 135, 140, 198, 202 overview 13, 131 po.
Index 273 ports, proxy server 213, 214 POSIX (Portable Operating System Interface) 28, 29 power settings. See Energy Saver predefined accounts 56, 90, 251 preferences account 139 appearance 227 assist.
274 Index shutdown, controlling 181, 187 SID (Security Identifier) 29 Simple Finder 182 simultaneous login privileges 73 single sign-on authentication 245 sleep settings 173, 177, 181 Slow Keys 229 SM.
Index 275 mail service 80, 81 network 31, 136 overview 55 permissions 70 planning for 34, 35 preferences control 149, 157, 161, 174 primary group for 28, 77, 89 print service 81, 82, 83, 84, 220, 221,.
An important point after buying a device Apple 10.5 Leapard (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Apple 10.5 Leapard yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Apple 10.5 Leapard - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Apple 10.5 Leapard you will learn all the available features of the product, as well as information on its operation. The information that you get Apple 10.5 Leapard will certainly help you make a decision on the purchase.
If you already are a holder of Apple 10.5 Leapard, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Apple 10.5 Leapard.
However, one of the most important roles played by the user manual is to help in solving problems with Apple 10.5 Leapard. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Apple 10.5 Leapard along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
