Getting Started with User Management | Apple 10.5 Leapard manual

40

Chapter 2 Getting Started with User Management

Image 40

Apple 10.5 Leapard manual Getting Started with User Management

Contents

Mac OS X Server 019-0938/2007-09-01 Contents Configuring the Administrator’s Computer and Account Setting Up an Administrator ComputerCreating a Domain Administrator Account Using Workgroup Manager Contents Setting Up Group Accounts Where Group Accounts Are StoredAdministering Group Accounts Creating a Preset for Group Accounts 118 Chapter Contents Contents If You Can‘t Change a User’s Password Type to Open Directory 257 267 About This Guide What’s New in Workgroup Manager What’s in This Guide To get help for an advanced configuration of Leopard Server Using Onscreen HelpTo see the most recent server help topics Mac OS X Server Administration Guides This guide Tells you how to User Management Getting Documentation Updates Getting Additional Information Tools for User Management Workgroup Manager Server Admin See this document NetInstall NetBootServer Preferences Command-Line Tools Accounts Administrator Accounts Server Administration User Accounts Guest Account Group Accounts Computer Accounts User Experience Authentication and Identity ValidationComputer Groups Information Access Control Folder and File Owner Access ACLs and Posix Permissions User Management Overview Setup Overview Getting Started with User Management Set up an administrator computer Create user accounts and home folders Planning Strategies for User Management Analyzing Your Environment Identifying Directory Services Requirements Determining Server and Storage Requirements Choosing a Home Folder Structure Users with local accounts typically have local home folders Devising a Home Folder Distribution Strategy Determining Administrator Requirements Identifying Groups Getting Started with User Management Getting Started with User Management Setting Up an Administrator Computer Configuring the Administrator’s Computer and AccountTo set up an administrator computer Creating a Domain Administrator Account Using Workgroup ManagerTo create a domain administrator account To connect and authenticate to directory domains Major Workgroup Manager Tasks To set Workgroup Manager preferences Modifying Workgroup Manager PreferencesPreference Description Working with Account Lists in Workgroup Manager Finding and Listing AccountsListing Accounts in the Local Directory Domain Listing Accounts in Search Policy Directory Domains To list accounts in a server’s local directory domain Refreshing Account Lists Listing Accounts in Available Directory DomainsFinding Specific Accounts in a List To filter items in the list of accounts Using Advanced SearchTo do this Do this Shortcuts for Working with Accounts Using PresetsSorting Users and Groups Editing Multiple Accounts Simultaneously Interface element Mixed-state appearance To batch-edit accounts that match specific criteria Importing and Exporting Account Information Getting Started with Workgroup Manager Where User Accounts Are Stored About User Accounts Predefined User Accounts User ID Creating User Accounts Administering User AccountsTo create a user account Editing User Account Information To make changes to a user account Working with Guest Users Working with Read-Only User AccountsTo work with a read-only user account To delete a user account using Workgroup Manager Working with Windows User AccountsDeleting a User Account Disabling a User Account Creating a Preset for User Accounts Working with PresetsTo create a preset for user accounts Using Presets to Create Accounts Renaming PresetsEditing Presets To create an account using a preset Working with Basic Settings Deleting a PresetTo edit a preset To delete a preset To work with the user name using Workgroup Manager Modifying Short Names To work with a user short name using Workgroup Manager Choosing Stable Short Names Avoiding Duplicate Names Modifying User IDs To change a user ID in Workgroup Manager Assigning a Password to a User Assigning Administrator Privileges for a ServerTo assign a password To set server administrator privileges in Workgroup Manager Choosing a User’s Login Picture To change a user’s login picture Removing Administrative Privileges from a User Giving a User Limited Administrative CapabilitiesTo remove a user’s administrative privileges Working with Privileges To add limited administrative capabilities Task Description Working with Advanced Settings Giving a User Full Administrative CapabilitiesTo change a user’s administrative privileges To enable a user’s calendar Choosing a Default Shell To choose a default shell Choosing a Password Type and Setting Password Options To choose a user password type and set password options Applying Keywords to User Accounts Creating a Master List of KeywordsTo edit the master keyword list Editing Comments To work with a comment using Workgroup ManagerTo work with keywords for a user account To set a primary group ID using Workgroup Manager Working with Group SettingsChoosing a User’s Primary Group Reviewing a User’s Group Memberships To review group memberships using Workgroup ManagerAdding a User to a Group Working with Home Settings To add a user to a group using Workgroup ManagerTo remove a user from a group using Workgroup Manager Removing a User from a Group Working with Mail Settings Enabling Mail Service Account Options Working with Print Quota Settings Disabling a User’s Mail ServiceTo disable a user’s mail service using Workgroup Manager To forward a user’s mail using Workgroup Manager Enabling a User’s Access to All Available Print Queues Enabling a User’s Access to Specific Print Queues Resetting a User’s Print Quota To delete a user’s print quota using Workgroup ManagerTo restart a user’s print quota using Workgroup Manager Removing a Print Quota For a Queue Working with Info Settings To disable a user’s access to print queues enforcing quotas Changing a Windows User’s Profile Location Working with Windows SettingsTo change a user’s info Changing a Windows User’s Login Script Location Working with GUIDs Changing a Windows User’s Home Folder Drive LetterChanging a Windows User’s Home Folder Location Viewing GUIDs To view a user or group Guid About Group Accounts How Group Accounts Track Membership Predefined Group Accounts Where Group Accounts Are StoredPredefined Group name Group ID Use Creating Group Accounts Administering Group AccountsTo create a group account Creating a Preset for Group Accounts To create a preset for group accountsEditing Group Account Information To make changes to a group account Creating Hierarchical Groups To create a hierarchical group Upgrading Legacy Groups To convert a legacy group to an upgraded group accountWorking with Read-Only Groups Working with Basic Settings for Groups To delete a group using Workgroup ManagerDeleting a Group Naming a Group To work with group names using Workgroup Manager Defining a Group ID To work with a group ID using Workgroup Manager Choosing a Group’s Login PictureTo choose a group’s login picture Enabling a Group’s Web Services To enable a group’s web services Working with Member Settings for Groups Adding Users or Groups to a Group Removing Group Members Working with Group Folder SettingsTo remove group members Creating a Group Folder Specifying No Group FolderTo specify no group folder 102 Designating a Group Folder for Use by Multiple Groups 104 Setting Up Computers Computer Groups About Computer Accounts Creating Computer Accounts To create a computer account Working with Guest Computers To set up the guest computer accountWorking with Windows Computers Administering Computer Groups About Computer GroupsDifferences Between Computer Groups and Computer Lists Creating a Computer Group Creating a Preset for Computer Groups To set up a computer group To set up a preset for computer groups Using a Computer Group PresetTo use a preset for computer groups Adding Computers or Computer Groups to a Computer Group To add computers or computer groups to a computer group To upgrade computer lists to computer groups Deleting a Computer GroupUpgrading Computer Lists to Computer Groups To delete a computer group Setting Up Home Folders About Home Folders Hosting Home Folders for Mac OS X Clients Hosting Home Folders for Other Clients Distributing Home Folders Across Multiple Servers Administering Share Points Setting Up a Share PointTo set up a share point Unix Class Name Permission Setting Up an Automountable AFP Share Point for Home Folders To set up an automountable AFP share point for home folders Setting Up an Automountable NFS Share Point for Home Folders To set up an automountable NFS share point for home folders Setting Up an SMB Share Point To create an SMB share point and set permissions Specifying No Home Folder Administering Home FoldersTo define no home folder Creating a Home Folder for a Local User To create a home folder for a local user Creating a Network Home Folder To create a network home folder for AFP or NFS share points Creating a Custom Location for Home Folders To create a custom home folder using Workgroup Manager Element Do this Setting Up a Home Folder for a Windows User To set up a home folder in an existing share point \\servername\usershortname Setting Disk Quotas Setting Disk Quotas for Windows Users to Avoid Data Loss Using Presets to Choose Default Home FoldersMoving Home Folders Deleting Home Folders Managing Portable Computers About Mobile Accounts About Portable Home Directories Logging In to Mobile Accounts About External Accounts Resolving Sync Conflicts Logging In to External Accounts Considerations and Strategies for Deploying Mobile Accounts Advantages of Using Mobile AccountsApplications locally cache temporary files Considerations for Using Mobile Accounts You can manage individual mobile accounts 138 Strategies for Syncing Content Mobile accounts can’t restore deleted files through syncing Configuring Portable Computers Setting Up Mobile Accounts for Use on Portable ComputersTo set up portable computers for use on your network Managing Mobile Clients Without Using Mobile Accounts Unknown Mac OS X Portable Computers Using Mac OS X Portable Computers with Multiple Users 143 Securing Mobile Clients Optimizing the File Server for Mobile Accounts To optimize the file server for mobile accounts 146 Client Management Overview Using Network-Visible Resources There are several key network-visible resources Power of Preferences Limits accessCustomizing the User Experience Environment Control By letting you manage Key login settings Designing the Login ExperienceEnvironment Desired effect Choosing a Workgroup Working with Synced Homes Improving Workflow 153 154 Using Workgroup Manager to Manage Preferences Preference pane What you can manage Understanding Managed Preference Interactions 157 158 Setting the Permanence of Management Understanding Hierarchical Preference Management Preference Management Basics Caching Preferences Managing User Preferences To manage user preferences Managing Group Preferences Managing Computer PreferencesTo manage group preferences To manage computer preferences Disabling Management for Specific Preferences Managing Computer Group PreferencesTo manage computer group preferences Managing Access to Applications To selectively disable preference management What you can control Icon Indicates the application has this type of signature To allow users to open specific applications and folders Allowing Specific Dashboard Widgets To allow specific Dashboard widgets To disable Front Row Disabling Front Row To set up a list of accessible applications Managing Classic Preferences To work with various startup options for Classic Selecting Classic Startup OptionsClassic preference pane What you can control Allowing Special Actions During Restart Choosing a Classic System FolderTo choose a specific Classic System Folder To allow special actions during restart Controlling Access to Classic Apple Menu ItemsTo hide or show items in the Apple menu Adjusting Classic Sleep Settings To adjust Classic sleep settings To choose where Classic user preferences are stored Managing Dock PreferencesMaintaining Consistent User Preferences for Classic Controlling the User’s Dock Providing Easy Access to Group Folders To add a Dock item for a group folder Adding Items to a User’s Dock To add items to a user’s Dock Preventing Users from Adding or Deleting Dock Items Managing Energy Saver PreferencesTo prevent users from adding items to their Docks Using Sleep and Wake Settings for Desktop Computers To set sleep and wake settings Setting Energy Saver Settings for Portable Computers To manage portable computer settings Displaying Battery Status to Users Scheduling Automatic Startup, Shutdown, or Sleep To show battery status in the menu barTo schedule automatic actions Managing Finder Preferences Setting Up Simple FinderFinder preference pane What you can control Controlling the Behavior of Finder Windows To turn on Simple FinderTo hide disk and server icons on the desktop To set Finder window preferences Hiding the Alert Message When a User Empties the Trash Making Filename Extensions VisibleTo hide the Trash warning message To make filename extensions visible Controlling User Access to an iDisk Controlling User Access to Remote ServersPreventing Users from Ejecting Discs Hiding the Burn Disc Command in the Finder Controlling User Access to FoldersTo hide the Burn Disc command To hide the Go to Folder command Adjusting the Appearance and Arrangement of Desktop Items To hide the Restart and Shut Down commandsRemoving Restart and Shut Down from the Apple Menu To set preferences for the desktop view Adjusting the Appearance of Finder Window Contents Managing Login Preferences Changing the Appearance of the Login WindowLogin preference pane What you can control List setting Mac OS X version Effect To change the appearance of the Login Window Configuring Miscellaneous Login Options Option What this does when enabled To configure miscellaneous login options Choosing Who Can Log Customizing the Workgroups Displayed at Login To choose who can log Enabling the Use of Login and Logout Scripts To customize the workgroups displayed at login To enable the use of login or logout scripts Trust value name Requirements Choosing a Login or Logout Script Click Edit Automatically Opening Items After a User Logs To choose login or logout scriptsTo set an item to open automatically Providing Access to a User’s Network Home Folder To add a login item for the group share point Providing Easy Access to the Group Share PointTo automatically mount the Network Home Controlling Access to CDs, DVDs, and Recordable Discs Managing Media Access PreferencesTo control access to disc media Controlling Access to Hard Drives, Disks, and Disk Images Ejecting Removable Media Automatically When a User Logs OutTo restrict access to internal and external disks To automatically eject removable media Creating a Mobile Account Managing Mobility PreferencesMobility preference pane What you can control To create a mobile account using Workgroup Manager Preventing the Creation of a Mobile Account To prevent the creation of mobile accounts Manually Removing Mobile Accounts from ComputersTo remove a mobile account Enabling FileVault for Mobile Accounts OptionEffect To enable FileVault for mobile accounts Selecting the Location of a Mobile Account To select the location of a mobile accountHome folder location Description Type Name Privilege Creating External Accounts To create an external account Setting Expiration Periods for Mobile Accounts To set an expiration period Stopping Files from Syncing for a Mobile Account To stop files from syncing Showing Mobile Account Status in the User’s Menu Bar Setting the Background Sync FrequencyTo set the frequency for syncing background folders Configuring Proxy Servers by Port Managing Network PreferencesTo show mobile account status in the user’s menu bar Network preference pane What you can control To choose the domains that users can access directly To configure proxy servers for a user or a groupAllowing Users to Bypass Proxy Servers for Specific Domains Enabling Passive FTP Mode To enable passive FTP modeTo disable Internet Sharing Disabling Internet Sharing Disabling Bluetooth To disable AirPortTo disable Bluetooth Disabling AirPort Preventing Access to Adult Websites To prevent access to specific websitesManaging Parental Controls Preferences Hiding Profanity in Dictionary Allowing Access Only to Specific Websites To allow access only to specific websites Setting Time Limits and Curfews on Computer Usage To set time limits and curfews Managing Printing PreferencesPrinting preference pane What you can control To restrict access to the printer list Making Printers Available to UsersPreventing Users from Modifying the Printer List To create a printer list for users Setting a Default Printer Restricting Access to Printers Connected to a ComputerTo set the default printer Restricting Access to Printers To restrict access to a specific printerAdding a Page Footer to All Printouts To add a footer to all printouts Managing Access to System Preferences Managing Software Update PreferencesTo manage access to Software Update servers To manage access to System Preferences Managing Time Machine Preferences To manage Time Machine preferences Adjusting the User’s Display Settings Managing Universal Access PreferencesUniversal Access Preference pane What you can control Setting a Visual Alert Adjusting Keyboard Accessibility OptionsTo adjust screen appearance To set a flashing alert To set the way the keyboard responds to keystrokes Option Effect Enabling Universal Access Shortcuts Adjusting Mouse and Pointer ResponsivenessTo control mouse and pointer settings Using the Preference Editor with Preference Manifests To allow Universal Access ShortcutsAllowing Devices for Users with Special Needs To allow assistive devices Adding to the Preference Editor’s List To add to the preference editor’s list Frequency Description Editing Application Preferences with the Preference Editor To edit application preferences To disable management of an application’s preferences Using the Preference Editor to Manage Core Services Manifest Examples of things you can change Using the Preference Editor to Manage Safari To add Safari to the preference editor list 238 Diagnosing Common Network Issues Testing Your Network’s Time and Time Zones Testing Your DNS Service To test your network’s DNS service on a single computer Testing Your Dhcp Service To test your network’s Dhcp service on a single computer Solving Account Problems If You Can’t Edit an Account Using Workgroup ManagerIf Users Can’t See Their Names in the Login Window If You Want to Use Earlier Versions of Workgroup Manager If You Can’t Assign Server Administrator Privileges If You Can’t Modify a User’s Open Directory PasswordIf Users Can’t Log In or Authenticate If Users Relying on a Password Server Can’t Log Problems with a Primary or Backup Domain Controller If Users Can’t Access Their Home FoldersIf Users Can’t Change Their Passwords If a Windows User Can’t Log in to the Windows Domain If a Windows User’s Profile Settings Revert to Defaults If a Windows User Has No Home Folder Solving Preference Management Problems Testing Your Managed Client SettingsIf Users Don’t See a List of Workgroups at Login To view managed client settings in System Profiler If Login Items Added by a User Don’t Open If Users Can’t Add Printers to a Printer List If a User’s Dock Has Duplicate Items If Items Placed in the Dock by a User Are MissingIf Users See a Question Mark in the Dock If Users See a Message About an Unexpected Error If You Can’t Manage Network Views Importing and Exporting Account Information Understanding What You Can Import and Export Limitations for Importing and Exporting Passwords To import accounts using Workgroup Manager Using Workgroup Manager to Import AccountsArchiving the Open Directory Master Using Workgroup Manager to Export Accounts To export accounts using Workgroup Manager Using XML Files Created with AppleShare IP Access control list See ACL Apple Filing Protocol See AFP See also computer list Directory node See directory domain Full name See long name Globally unique identifier See Guid Home directory See home folder Local home directory See local home folder 262 Primary domain controller See PDC Search path See search policy Security identifier See SID Weblog See blog 266 Index 268 269 270 271 272 273 274 275