Manuals
/
Apple
/
Baby
/
Model Vehicle
Apple
10.5 Leapard
manual
Mac OS X Server
Models:
10.5 Leapard
1
1
275
275
Download
275 pages
23.09 Kb
1
2
3
4
5
6
7
8
Install
Bluetooth
Password
Choosing a Default Shell
Login
Administering User Accounts
Configuring Portable Computers
Solving Account Problems
Using Presets
Information Access Control
Page 1
Image 1
Mac OS X Server
User Management
For Version 10.5 Leopard
Page 1
Page 2
Page 1
Image 1
Page 1
Page 2
Contents
Mac OS X Server
019-0938/2007-09-01
Contents
Setting Up an Administrator Computer
Configuring the Administrator’s Computer and Account
Creating a Domain Administrator Account
Using Workgroup Manager
Contents
Where Group Accounts Are Stored
Setting Up Group Accounts
Administering Group Accounts
Creating a Preset for Group Accounts
118
Chapter
Contents
Contents
If You Can‘t Change a User’s Password Type to Open Directory
267
257
What’s New in Workgroup Manager
About This Guide
What’s in This Guide
To get help for an advanced configuration of Leopard Server
Using Onscreen Help
To see the most recent server help topics
This guide Tells you how to
Mac OS X Server Administration Guides
User Management
Getting Additional Information
Getting Documentation Updates
Workgroup Manager
Tools for User Management
See this document
Server Admin
NetInstall
NetBoot
Server Preferences
Accounts
Command-Line Tools
Server Administration
Administrator Accounts
Guest Account
User Accounts
Computer Accounts
Group Accounts
User Experience
Authentication and Identity Validation
Computer Groups
Information Access Control
Folder and File Owner Access
ACLs and Posix Permissions
User Management Overview
Getting Started with User Management
Setup Overview
Set up an administrator computer
Create user accounts and home folders
Analyzing Your Environment
Planning Strategies for User Management
Determining Server and Storage Requirements
Identifying Directory Services Requirements
Users with local accounts typically have local home folders
Choosing a Home Folder Structure
Devising a Home Folder Distribution Strategy
Identifying Groups
Determining Administrator Requirements
Getting Started with User Management
Getting Started with User Management
Setting Up an Administrator Computer
Configuring the Administrator’s Computer and Account
To set up an administrator computer
Creating a Domain Administrator Account
Using Workgroup Manager
To create a domain administrator account
To connect and authenticate to directory domains
Major Workgroup Manager Tasks
To set Workgroup Manager preferences
Modifying Workgroup Manager Preferences
Preference Description
Working with Account Lists in Workgroup Manager
Finding and Listing Accounts
Listing Accounts in the Local Directory Domain
To list accounts in a server’s local directory domain
Listing Accounts in Search Policy Directory Domains
Refreshing Account Lists
Listing Accounts in Available Directory Domains
Finding Specific Accounts in a List
To filter items in the list of accounts
Using Advanced Search
To do this Do this
Shortcuts for Working with Accounts
Using Presets
Sorting Users and Groups
Interface element Mixed-state appearance
Editing Multiple Accounts Simultaneously
To batch-edit accounts that match specific criteria
Importing and Exporting Account Information
Getting Started with Workgroup Manager
About User Accounts
Where User Accounts Are Stored
User ID
Predefined User Accounts
Creating User Accounts
Administering User Accounts
To create a user account
To make changes to a user account
Editing User Account Information
Working with Guest Users
Working with Read-Only User Accounts
To work with a read-only user account
Working with Windows User Accounts
To delete a user account using Workgroup Manager
Deleting a User Account
Disabling a User Account
Creating a Preset for User Accounts
Working with Presets
To create a preset for user accounts
Renaming Presets
Using Presets to Create Accounts
Editing Presets
To create an account using a preset
Deleting a Preset
Working with Basic Settings
To edit a preset
To delete a preset
Modifying Short Names
To work with the user name using Workgroup Manager
Choosing Stable Short Names
To work with a user short name using Workgroup Manager
Avoiding Duplicate Names
To change a user ID in Workgroup Manager
Modifying User IDs
Assigning Administrator Privileges for a Server
Assigning a Password to a User
To assign a password
To set server administrator privileges in Workgroup Manager
To change a user’s login picture
Choosing a User’s Login Picture
Giving a User Limited Administrative Capabilities
Removing Administrative Privileges from a User
To remove a user’s administrative privileges
Working with Privileges
Task Description
To add limited administrative capabilities
Giving a User Full Administrative Capabilities
Working with Advanced Settings
To change a user’s administrative privileges
To enable a user’s calendar
To choose a default shell
Choosing a Default Shell
To choose a user password type and set password options
Choosing a Password Type and Setting Password Options
Applying Keywords to User Accounts
Creating a Master List of Keywords
To edit the master keyword list
Editing Comments
To work with a comment using Workgroup Manager
To work with keywords for a user account
To set a primary group ID using Workgroup Manager
Working with Group Settings
Choosing a User’s Primary Group
Reviewing a User’s Group Memberships
To review group memberships using Workgroup Manager
Adding a User to a Group
To add a user to a group using Workgroup Manager
Working with Home Settings
To remove a user from a group using Workgroup Manager
Removing a User from a Group
Enabling Mail Service Account Options
Working with Mail Settings
Disabling a User’s Mail Service
Working with Print Quota Settings
To disable a user’s mail service using Workgroup Manager
To forward a user’s mail using Workgroup Manager
Enabling a User’s Access to Specific Print Queues
Enabling a User’s Access to All Available Print Queues
To delete a user’s print quota using Workgroup Manager
Resetting a User’s Print Quota
To restart a user’s print quota using Workgroup Manager
Removing a Print Quota For a Queue
To disable a user’s access to print queues enforcing quotas
Working with Info Settings
Changing a Windows User’s Profile Location
Working with Windows Settings
To change a user’s info
Changing a Windows User’s Login Script Location
Changing a Windows User’s Home Folder Drive Letter
Working with GUIDs
Changing a Windows User’s Home Folder Location
Viewing GUIDs
To view a user or group Guid
How Group Accounts Track Membership
About Group Accounts
Predefined Group Accounts
Where Group Accounts Are Stored
Predefined Group name Group ID Use
Creating Group Accounts
Administering Group Accounts
To create a group account
To create a preset for group accounts
Creating a Preset for Group Accounts
Editing Group Account Information
To make changes to a group account
To create a hierarchical group
Creating Hierarchical Groups
Upgrading Legacy Groups
To convert a legacy group to an upgraded group account
Working with Read-Only Groups
To delete a group using Workgroup Manager
Working with Basic Settings for Groups
Deleting a Group
Naming a Group
Defining a Group ID
To work with group names using Workgroup Manager
To work with a group ID using Workgroup Manager
Choosing a Group’s Login Picture
To choose a group’s login picture
To enable a group’s web services
Enabling a Group’s Web Services
Adding Users or Groups to a Group
Working with Member Settings for Groups
Removing Group Members
Working with Group Folder Settings
To remove group members
Creating a Group Folder
Specifying No Group Folder
To specify no group folder
102
Designating a Group Folder for Use by Multiple Groups
104
About Computer Accounts
Setting Up Computers Computer Groups
To create a computer account
Creating Computer Accounts
Working with Guest Computers
To set up the guest computer account
Working with Windows Computers
About Computer Groups
Administering Computer Groups
Differences Between Computer Groups and Computer Lists
Creating a Computer Group
To set up a computer group
Creating a Preset for Computer Groups
To set up a preset for computer groups
Using a Computer Group Preset
To use a preset for computer groups
To add computers or computer groups to a computer group
Adding Computers or Computer Groups to a Computer Group
Deleting a Computer Group
To upgrade computer lists to computer groups
Upgrading Computer Lists to Computer Groups
To delete a computer group
About Home Folders
Setting Up Home Folders
Hosting Home Folders for Other Clients
Hosting Home Folders for Mac OS X Clients
Distributing Home Folders Across Multiple Servers
Setting Up a Share Point
Administering Share Points
To set up a share point
Unix Class Name Permission
To set up an automountable AFP share point for home folders
Setting Up an Automountable AFP Share Point for Home Folders
To set up an automountable NFS share point for home folders
Setting Up an Automountable NFS Share Point for Home Folders
Setting Up an SMB Share Point
To create an SMB share point and set permissions
Specifying No Home Folder
Administering Home Folders
To define no home folder
To create a home folder for a local user
Creating a Home Folder for a Local User
To create a network home folder for AFP or NFS share points
Creating a Network Home Folder
Creating a Custom Location for Home Folders
To create a custom home folder using Workgroup Manager
Element Do this
To set up a home folder in an existing share point
Setting Up a Home Folder for a Windows User
\\servername\usershortname
Setting Disk Quotas
Using Presets to Choose Default Home Folders
Setting Disk Quotas for Windows Users to Avoid Data Loss
Moving Home Folders
Deleting Home Folders
About Mobile Accounts
Managing Portable Computers
About Portable Home Directories
Logging In to Mobile Accounts
Resolving Sync Conflicts
About External Accounts
Logging In to External Accounts
Considerations and Strategies for Deploying Mobile Accounts
Advantages of Using Mobile Accounts
Applications locally cache temporary files
You can manage individual mobile accounts
Considerations for Using Mobile Accounts
138
Mobile accounts can’t restore deleted files through syncing
Strategies for Syncing Content
Configuring Portable Computers
Setting Up Mobile Accounts for Use on Portable Computers
To set up portable computers for use on your network
Unknown Mac OS X Portable Computers
Managing Mobile Clients Without Using Mobile Accounts
Using Mac OS X Portable Computers with Multiple Users
143
Optimizing the File Server for Mobile Accounts
Securing Mobile Clients
To optimize the file server for mobile accounts
146
Client Management Overview
There are several key network-visible resources
Using Network-Visible Resources
Limits access
Power of Preferences
Customizing the User Experience
Environment Control By letting you manage
Key login settings
Designing the Login Experience
Environment Desired effect
Choosing a Workgroup
Improving Workflow
Working with Synced Homes
153
154
Preference pane What you can manage
Using Workgroup Manager to Manage Preferences
Understanding Managed Preference Interactions
157
158
Understanding Hierarchical Preference Management
Setting the Permanence of Management
Caching Preferences
Preference Management Basics
To manage user preferences
Managing User Preferences
Managing Computer Preferences
Managing Group Preferences
To manage group preferences
To manage computer preferences
Disabling Management for Specific Preferences
Managing Computer Group Preferences
To manage computer group preferences
To selectively disable preference management
Managing Access to Applications
Icon Indicates the application has this type of signature
What you can control
To allow users to open specific applications and folders
To allow specific Dashboard widgets
Allowing Specific Dashboard Widgets
Disabling Front Row
To disable Front Row
Managing Classic Preferences
To set up a list of accessible applications
To work with various startup options for Classic
Selecting Classic Startup Options
Classic preference pane What you can control
Allowing Special Actions During Restart
Choosing a Classic System Folder
To choose a specific Classic System Folder
To allow special actions during restart
Controlling Access to Classic Apple Menu Items
To hide or show items in the Apple menu
To adjust Classic sleep settings
Adjusting Classic Sleep Settings
Managing Dock Preferences
To choose where Classic user preferences are stored
Maintaining Consistent User Preferences for Classic
Controlling the User’s Dock
To add a Dock item for a group folder
Providing Easy Access to Group Folders
To add items to a user’s Dock
Adding Items to a User’s Dock
Preventing Users from Adding or Deleting Dock Items
Managing Energy Saver Preferences
To prevent users from adding items to their Docks
To set sleep and wake settings
Using Sleep and Wake Settings for Desktop Computers
To manage portable computer settings
Setting Energy Saver Settings for Portable Computers
Displaying Battery Status to Users
Scheduling Automatic Startup, Shutdown, or Sleep
To show battery status in the menu bar
To schedule automatic actions
Managing Finder Preferences
Setting Up Simple Finder
Finder preference pane What you can control
To turn on Simple Finder
Controlling the Behavior of Finder Windows
To hide disk and server icons on the desktop
To set Finder window preferences
Making Filename Extensions Visible
Hiding the Alert Message When a User Empties the Trash
To hide the Trash warning message
To make filename extensions visible
Controlling User Access to an iDisk
Controlling User Access to Remote Servers
Preventing Users from Ejecting Discs
Controlling User Access to Folders
Hiding the Burn Disc Command in the Finder
To hide the Burn Disc command
To hide the Go to Folder command
To hide the Restart and Shut Down commands
Adjusting the Appearance and Arrangement of Desktop Items
Removing Restart and Shut Down from the Apple Menu
To set preferences for the desktop view
Adjusting the Appearance of Finder Window Contents
Changing the Appearance of the Login Window
Managing Login Preferences
Login preference pane What you can control
List setting Mac OS X version Effect
To change the appearance of the Login Window
Option What this does when enabled
Configuring Miscellaneous Login Options
Choosing Who Can Log
To configure miscellaneous login options
To choose who can log
Customizing the Workgroups Displayed at Login
To customize the workgroups displayed at login
Enabling the Use of Login and Logout Scripts
Trust value name Requirements
To enable the use of login or logout scripts
Click Edit
Choosing a Login or Logout Script
Automatically Opening Items After a User Logs
To choose login or logout scripts
To set an item to open automatically
Providing Access to a User’s Network Home Folder
To add a login item for the group share point
Providing Easy Access to the Group Share Point
To automatically mount the Network Home
Controlling Access to CDs, DVDs, and Recordable Discs
Managing Media Access Preferences
To control access to disc media
Ejecting Removable Media Automatically When a User Logs Out
Controlling Access to Hard Drives, Disks, and Disk Images
To restrict access to internal and external disks
To automatically eject removable media
Creating a Mobile Account
Managing Mobility Preferences
Mobility preference pane What you can control
Preventing the Creation of a Mobile Account
To create a mobile account using Workgroup Manager
To prevent the creation of mobile accounts
Manually Removing Mobile Accounts from Computers
To remove a mobile account
OptionEffect
Enabling FileVault for Mobile Accounts
To enable FileVault for mobile accounts
To select the location of a mobile account
Selecting the Location of a Mobile Account
Home folder location Description
Type Name Privilege
To create an external account
Creating External Accounts
Setting Expiration Periods for Mobile Accounts
To set an expiration period
To stop files from syncing
Stopping Files from Syncing for a Mobile Account
Showing Mobile Account Status in the User’s Menu Bar
Setting the Background Sync Frequency
To set the frequency for syncing background folders
Managing Network Preferences
Configuring Proxy Servers by Port
To show mobile account status in the user’s menu bar
Network preference pane What you can control
To choose the domains that users can access directly
To configure proxy servers for a user or a group
Allowing Users to Bypass Proxy Servers for Specific Domains
To enable passive FTP mode
Enabling Passive FTP Mode
To disable Internet Sharing
Disabling Internet Sharing
To disable AirPort
Disabling Bluetooth
To disable Bluetooth
Disabling AirPort
To prevent access to specific websites
Preventing Access to Adult Websites
Managing Parental Controls Preferences
Hiding Profanity in Dictionary
To allow access only to specific websites
Allowing Access Only to Specific Websites
Setting Time Limits and Curfews on Computer Usage
To set time limits and curfews
Managing Printing Preferences
Printing preference pane What you can control
Making Printers Available to Users
To restrict access to the printer list
Preventing Users from Modifying the Printer List
To create a printer list for users
Setting a Default Printer
Restricting Access to Printers Connected to a Computer
To set the default printer
To restrict access to a specific printer
Restricting Access to Printers
Adding a Page Footer to All Printouts
To add a footer to all printouts
Managing Access to System Preferences
Managing Software Update Preferences
To manage access to Software Update servers
Managing Time Machine Preferences
To manage access to System Preferences
To manage Time Machine preferences
Adjusting the User’s Display Settings
Managing Universal Access Preferences
Universal Access Preference pane What you can control
Adjusting Keyboard Accessibility Options
Setting a Visual Alert
To adjust screen appearance
To set a flashing alert
Option Effect
To set the way the keyboard responds to keystrokes
Enabling Universal Access Shortcuts
Adjusting Mouse and Pointer Responsiveness
To control mouse and pointer settings
To allow Universal Access Shortcuts
Using the Preference Editor with Preference Manifests
Allowing Devices for Users with Special Needs
To allow assistive devices
Adding to the Preference Editor’s List
Frequency Description
To add to the preference editor’s list
To edit application preferences
Editing Application Preferences with the Preference Editor
To disable management of an application’s preferences
Manifest Examples of things you can change
Using the Preference Editor to Manage Core Services
To add Safari to the preference editor list
Using the Preference Editor to Manage Safari
238
Testing Your Network’s Time and Time Zones
Diagnosing Common Network Issues
To test your network’s DNS service on a single computer
Testing Your DNS Service
To test your network’s Dhcp service on a single computer
Testing Your Dhcp Service
If You Can’t Edit an Account Using Workgroup Manager
Solving Account Problems
If Users Can’t See Their Names in the Login Window
If You Want to Use Earlier Versions of Workgroup Manager
If You Can’t Assign Server Administrator Privileges
If You Can’t Modify a User’s Open Directory Password
If Users Can’t Log In or Authenticate
If Users Relying on a Password Server Can’t Log
If Users Can’t Access Their Home Folders
Problems with a Primary or Backup Domain Controller
If Users Can’t Change Their Passwords
If a Windows User Can’t Log in to the Windows Domain
If a Windows User Has No Home Folder
If a Windows User’s Profile Settings Revert to Defaults
Testing Your Managed Client Settings
Solving Preference Management Problems
If Users Don’t See a List of Workgroups at Login
To view managed client settings in System Profiler
If Users Can’t Add Printers to a Printer List
If Login Items Added by a User Don’t Open
If a User’s Dock Has Duplicate Items
If Items Placed in the Dock by a User Are Missing
If Users See a Question Mark in the Dock
If You Can’t Manage Network Views
If Users See a Message About an Unexpected Error
Understanding What You Can Import and Export
Importing and Exporting Account Information
Limitations for Importing and Exporting Passwords
To import accounts using Workgroup Manager
Using Workgroup Manager to Import Accounts
Archiving the Open Directory Master
Using Workgroup Manager to Export Accounts
To export accounts using Workgroup Manager
Using XML Files Created with AppleShare IP
Apple Filing Protocol See AFP
Access control list See ACL
Directory node See directory domain
See also computer list
Full name See long name Globally unique identifier See Guid
Home directory See home folder
Local home directory See local home folder
262
Primary domain controller See PDC
Security identifier See SID
Search path See search policy
Weblog See blog
266
Index
268
269
270
271
272
273
274
275
Top
Page
Image
Contents
