users and policies


I've got about 30 Macs in several computer labs and about 200 PCs, while I have like 5000 users for these machines. What I'd like to do is have a default profile so that when a user logs in it looks the same as when any other user logs in. In other words, I can't store 5000 profiles on each machine. How do I create a profile (home directory, dock, etc.) for one user so that all users except the admin will use that profile? And how do I set the policies so that those users can't make permanent changes to that profile, so when they log out the profile returns to its state (removing anything they've done to it)? :confused:
Buy a couple of those high-end Xserves and store your account information and home folders there. I have a lab with 12 G4 MDDs and one Xserve. This works very well. You can use Workgroup Manager, included in Mac OS X Server, to control what users can or cannot do. I am a very happy system administrator :)

Just read it on Apple's site:

Ask if you got something specific. Apple's site is there just to promote their products...;)
Is there a way to do it without the server? The people in charge of spending money don't care enough about the Macs to put in that kind of dough.
If you cannot store 5000 profiles on each machine you will have to go with a server based solution. NetBoot is excellent for this purpose.
You have one Disk Image with the system (identical for everyone, easy maintenance) and when a user logs in his preferences load from a central server (you need to store the 5000 profiles only once).

You can set limits to what users can do and you can let them make changes to their own profile without any problem. It's absolutely the easiest solution for administering the number of users you are talking about.
I don't really need remote profiles. There isn't a way to make a profile on the Mac that is the profile used when any user logs in? Or if I do have to do it with a server, do I have to buy an Xserve or can I use a G4 and just put OS X Server on it?
You don't need to buy an Xserve: any Mac that can run OS X Server and has enough HD space & bandwidth can function as a server for such an environment. You can also make a single account on each Mac which nobody but the admin can change, so you won't need any profiles at all, but it wouldn't be very user friendly... You set the Mac to automatically log in to that single account without any need to require a password. If users will need to access remotely stored files, you can require a password to mount and access the fileserver, but you will not need any profiles for that, just permissions.
Right now I've got it so that they authenticate via Active Directory. We have a problem with non-students using the computers, so my supervisors want it to authenticate that they are students and it's OK for them to use the computer. That's why I was hoping I could make a profile that is used that the user can't really change. I'll let them know about the OS X Server idea. If you have any others please let me know. Thank you for your help.


Some questions...

What Mac OS are you currently using? It is very important for me to know this before I let you know anything else...

Also, to get this straight: You want all 5000 people other than 1 admin to use basically the SAME profile? Why have 5000 different profiles if they are all the same? Isn't it more logical to have 1 admin profile, 1 for those 5000 users and 1 guest account? Or no guest at all?

Are you a Mac user yourself or are you one unlucky Wintel administrator put to admin a hybrid network?
That's what I'm talking about. I want my Active Directory users to use a guest account. This way when a user logs in it looks just like the last 50 times they logged in. We don't use roaming profiles even on our Windows machines. I am a poor Wintel tech who's been put in charge of the Macs in our mixed environment. I'm trying as hard as I can to make myself a better person and become a Mac user. :D I just need a little help. The basic idea is our Windows machines all have a profile that looks the same for every user, or rather every Active Directory user. The admin's is different. They want the Mac machines to look basically the same: a user sits down at the machine, is confronted with a login screen, they type in their user name and password, and the machine logs them in. They then have the ability to access all the programs and networking that the machine has to offer. My problem lies in that when the user logs in the dock is all in disarray and it's impossible to find stuff. Plus the computer is wide open security wise. That's the stuff I want to fix. I want the location of all programs to be exactly where they are on every computer for every user and I want to lock it down so that the users can ruin that. Is that possible with OS X?

What is the Mac OS version that your networked Macs are using? Anything between OS 8-9 or OS X.1-X.2 (aka Puma and Jaguar)?

...and let's hope this is what you actually need! ;)

-From System Preferences click to Accounts
-From there click to Edit User...
-Check, if you have to, the "Allow this user to administer this computer" and "Allow user to log in from Windows". In order to do so you may have to first type the current password and then press enter.
-Click OK

As of now you are at the tab Users.
-Click tab Login Options
-Click List of Users or any other option you may think that suits your network situation
-Click back at tab Users
-Click at Capabilities

Now, here in Capabilities you can enable/disable whatever you think is appropriate for your network be it apps, OS X utilities, almost ANYTHING!

The way I understood your "problem" you actually need only 3-4 users:
-Backup Admin

Whatever you do, DON'T let anyone have access to everything! Unless you want so of course :p :D

Also, it would be a better practice if your OS X (Jaguar) passwords are the same as those the people will use to access the Windows network...

Hope the above was a real help and not a bad read :eek: Let us know!
When the user logs in it checks our Windows database (Active Directory), so it will be using the same password. I will try what you suggested tomorrow when I get in. Thank you :cool: