Customize dock for Active directory user logons?

[griff92]

Hi,

In our school we have about 16 mac mini's running os x 10.4.11, which we have binded to our MS Windows server 2003 Active directory domain.

Our student users log onto the macs with their active directory logon accounts no problem.

What I am wondering is if it is possible to customize the dock and desktop so that when any user logs on with there network accounts they only see the applications on the dock or desktop that I want them to see.

I have customized the dock and copied the com.apple.dock.plist and put it into:

/System/Library/User Template/English.lproj/Library/Preferences.

This didn't work however and I was wondering if there is a different way for Active directory users?

Any help much appreciated.

James

 

[Giaguara]

Hi James
You would have to use managed clients on those Macs.
You could either use augmented records on Mac OS X server bound to the AD domain, or extend the AD schema to include the Mac OS X managed client info.
With a single login from the client it's called "golden triangle", its using a combination of AD and client account management and Mac OS X server for the managed user features.

 

[kayote]

We just use a LoginHook shell script that copies the dock preferences file into their user preferences file.

cp /System/Library/User Template/English.lproj/Library/Preferences/com.apple.doc.plist /Users/$1/Library/Preferences/com.apple.doc

chown $1 /Users/$1/Library/Preferences/com.apple.doc

 

[daveguy]

Why not just create a new Default User Template?

Create an account specifically for this use (i.e. you don't want to give out this password), login to this account set it up exactly as your endusers should see it. Delete "login" keychain (and most likely any other user-specific keychains) from Keychain Access in the Utilities folder.

Just to be safe, you should make a backup of the current user template just in case anything goes wrong. Open the Terminal, navigate to a folder you would like to save the old template in, and type this:

sudo tar -cjf UserTemp.tar.bz2 /System/Library/User\ Template/English.lproj/

To delete the current user template, type this:

sudo rm -r /System/Library/User\ Template/English.lproj/*

Be very careful, typos are very bad!

To copy over the new user template, type this:

sudo cp -R /Users/TEMPLATE/* /System/Library/User\ Template/English.lproj/

Replace TEMPLATE with the name of the user account you setup before.

Now when a new user logs in, the screen they see will be the one you setup!

Hope that helps!

 

[Mad101daN]

Hi - Great forum lots of help avaible here.

I have followed daveguy instructions to the letter, to the copy and paste in fact.

What I don't understand is that it works when I create a new local account I get the "new" user template.

However when I log into a new account through Active Directory it seems to revert to the old default users template.

My accounts for AD are being stored on the AD server and not locally.

The reason I want to modify the dock is to remove the question marks that get created, a there is no documents or download folder in the AD accounts.

I would also like to add in the alias that is used in the dock, to "mount the network home" this shows when the home directory is on the startup disk, but does not show when the home directory on the AD server.

Please help.

Dan

 

[Krazykrl]

Did anyone figure how to accomplish this? I have the exact same issue.

 

[ElDiabloConCaca]

There is more than one solution to the problem posted in this very thread. Have you tried those solutions or workarounds?

 

[Krazykrl]

I am having the same issue as mad101dan. Yes I have tried the solutions in this thread. They did not work for new AD users.

 

[ElDiabloConCaca]

Here's an article from Apple explaining that some Dock settings may not stick with changes made to the Dock in Workgroup Manager for Active Directory clients, with a Terminal command that may help:

http://support.apple.com/kb/HT3525

It applies both to 10.4 and 10.5.

 

[Mad101daN]

Here is what I found out from other sources.
-------
The local User Template is used _only_ for newly created local
accounts. That's just how it works.
If you want to manage certain settings for network accounts, you have
a few choices:

1) Write a script that runs at login and copies the appropriate files
(or makes the appropriate defaults changes) to the right place and
then creates a flag file that tells it not to run in the future.

2) Implement MCX via:
a) AD schema extension
b) Golden Triangle
c) Local MCX records (best with Leopard, difficult with Tiger)
-----
On 12/4/08 1:54 PM, "Greg wrote:

> The local User Template is used _only_ for newly created local
> accounts. That's just how it works.

Or network accounts that don't have a network home folder specified in AD
and therefore get a local home folder.
-----
I am not sure if it would help or not, since we don't use network home
directories, but there is the createhomedir command and it has options for
creating local and server home directories. Just do a man on createhomedir
to get more info. Maybe it would force the User Template up to the network
home directory.
---
---

In the end, I used the golden triangle setup hope this helps. Dan