Apple 10.5 Leapard manual Managing Mobile Clients Without Using Mobile Accounts

Create at least one local administrator account and create local user accounts as needed. Make sure the users’ local account names are not easily confused with the users’ network names.

By creating an administrator account, you are preventing the user from having administrator access unless you specify it for that user. Administrator access allows the user to override many managed settings.

3Set up computers and computer groups on your server.

Use Workgroup Manager to create computer accounts for portable computers and then add them to a computer group and enforce preference management for all users of those computers.

Computer group management does not always affect external accounts because external accounts can be used on computers that aren’t connected to the network.

Allow the creation of mobile accounts for specific computers or computer groups rather than for specific users or groups. Doing so limits the creation of portable home directories only to specific computers. This way you can ensure that users who use several computers do not create portable home directories on each of those computers.

For more information about creating computer groups, see Chapter 6, “Setting Up Computers and Computer Groups.” For instructions about creating mobile accounts, see “Creating a Mobile Account” on page 202.

Managing Mobile Clients Without Using Mobile Accounts

There are several situations in which you should not use mobile accounts for portable computer users. This section describes those situations and provides alternatives to using mobile accounts that allow you to manage portable computers.

Unknown Mac OS X Portable Computers

If a computer is connected to your network but is not in a computer group, it is considered to be an unknown or guest computer. If you can identify the unknown computer by its Ethernet ID, you can create a computer account for it so that it’s no longer a guest computer.

You can use the guest computer account to manage guest computers on your network. This allows you to manage Mac OS X portable computers joining your directory domain. If guest computer users log in using network or mobile accounts, their user and group managed preferences and account settings apply.

For more information about how managed preferences interact when applied to users, groups, computers, and computer groups, see “Understanding Managed Preference Interactions” on page 156.