
A user’s network home folder doesn’t need to be stored on the same server as the directory containing the user’s account. In fact, distributing directory domains and home folders across multiple servers can help balance your network load. This scenario is described in “Distributing Home Folders Across Multiple Servers” on page 115.

You may want to store home folders for users with last names beginning with A through F on one computer, G through J on another, and so on. Or, you may want to store home folders on a Mac OS X Server computer but store user and group accounts on an LDAP or Active Directory server.

Before creating users, pick a distribution strategy. If the strategy proves unworkable once it is in use, you can move home folders, but doing so can require changing a large number of user records.

When determining the access protocol to use for home folders, note that AFP offers the greatest level of security. If you are hosting home folders on UNIX servers that do not support AFP, you may want to use NFS. If you are hosting home folders on Windows servers, you may want to use SMB.

For more information about how to use these protocols for home folders, see “About Home Folders” on page 113.

Identifying Groups

Identify users with similar requirements and consider assigning them to groups. See Chapter 5, “Setting Up Group Accounts.”

Determining Administrator Requirements

With Mac OS X v10.5, you don’t need to give full domain administrator privileges to all users who need only some administrative control. Instead, you can give them limited administrative privileges.

Decide which users will have full administrative control over accounts and which users will perform only a few administrative duties.

The domain administrator has the greatest amount of control over other user accounts and privileges. The domain administrator can create user accounts, group accounts, computer accounts, and computer groups, and can assign settings, privileges, and managed preferences for them. He or she can also create other server administrator accounts, or give specific users (for example, teachers or technical staff) administrator privileges in certain directory domains.

Limited administrators can perform common administrative tasks for specified users and groups. They can manage user preferences, edit managed preferences, edit user information, and edit group membership. Giving users limited administrative privileges helps them to be more self-sufficient, without putting your organization at risk.

Chapter 2 Getting Started with User Management
