Mac OS X Server
User Management
For Version 10.4 or Later

Apple Computer, Inc.
© 2005 Apple Computer, Inc. All rights reserved.

The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services.

Every effort has been made to ensure that the information in this manual is accurate. Apple Computer, Inc., is not responsible for printing or clerical errors.

Apple
1 Infinite Loop
Cupertino, CA 95014-2084
408-996-1010
www.apple.com

Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.

Apple, the Apple logo, AirPort, AppleShare, AppleTalk, FireWire, iBook, Keychain, LaserWriter, Mac, Mac OS, Macintosh, PowerBook, and QuickTime are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Extensions Manager, Finder, and SuperDrive are trademarks of Apple Computer, Inc.

Adobe and PostScript are trademarks of Adobe Systems Incorporated.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance of these products.
019-0170/03-24-05

Contents

Preface: About This Guide
What’s New in Version 10.4
What’s in This Guide
Using Onscreen Help
The Mac OS X Server Suite
Getting Additional Information
If You’re New to Server and Network Management
If You’re an Experienced Server Administrator

Chapter 1: User Management Overview
Tools for User Management
Workgroup Manager
Server Admin
NetBoot
Network Install
Accounts
Administrator Accounts
Users and Managed Users
Guest Users
Groups, Primary Groups, and Workgroups
Computer Lists
The User Experience
Authentication
Identity Validation
Information Access Control

Chapter 2: Getting Started With User Management
Setup Overview
Planning Strategies for User Management
Analyzing Your Environment
Identifying Directory Services Requirements
Determining Server and Storage Requirements
Using Client Management
Using Mobile Accounts
Portable Home Directories
Devising a Home Directory Strategy
Identifying Groups
Determining Administrator Requirements
Using Workgroup Manager
Working With Pre-Version 10.4 Computers From Version 10.4 Servers
Opening and Authenticating in Workgroup Manager
Major Workgroup Manager Tasks
Listing and Finding Accounts
Working With Account Lists in Workgroup Manager
Listing Accounts in the Local Directory Domain
Listing Accounts in Search Path Directory Domains
Listing Accounts in Available Directory Domains
Refreshing Account Lists
Finding Specific Accounts in a List
Sorting User and Group Lists
Using the Search Button in the Toolbar
Shortcuts for Working With Accounts
Batch Editing
Using Presets
Importing and Exporting Account Information
Backing Up and Restoring User Management Data
Backing Up and Restoring Files
Backing Up Root and Administrator User Accounts

Chapter 3: User Management for Mobile Clients
Setting Up Mobile Clients
Configuring Portable Computers
Using Mobile Accounts
Creating a Mobile Account
Removing a Mobile Account
The User Experience for Mobile Accounts
Portable Home Directories
Considerations for Assigning Content to Be Synchronized
Managing Mobile Clients
Unknown Mac OS X Portable Computers
Mac OS X Portable Computers With Multiple Local Users
Mac OS X Portable Computers With One Primary Local User
Using Wireless Services
Security Considerations for Mobile Clients
Directory Services
FileVault for Mobile Clients
Security Considerations When Using Portable Home Directories
Loss and Data Recovery Considerations

Chapter 4: Setting Up User Accounts
About User Accounts
Where User Accounts Are Stored
Predefined User Accounts
Administering User Accounts
Creating Mac OS X Server User Accounts
Creating Read-Write LDAPv3 User Accounts
Editing User Account Information
Editing Multiple Users Simultaneously
Modifying Accounts in an Open Directory Master
Working With Read-Only User Accounts
Defining a Guest User
Deleting a User Account
Disabling a User Account
Working With Presets for User Accounts
Creating a Preset for User Accounts
Using Presets to Create New Accounts
Renaming Presets
Changing Presets
Deleting a Preset
Working With Basic Settings for Users
Defining Long User Names
Defining Short User Names
Choosing Stable Short Names
Avoiding Duplicate Names
Avoiding Duplicate Short Names
Defining User IDs
Defining Passwords
Setting Password Options for Imported Users
Assigning Administrator Rights for a Server
Assigning Administrator Rights for a Directory Domain
GUIDs
Working With Advanced Settings for Users
Defining Login Settings
Defining a Password Type
Creating a Master List of Keywords
Applying Keywords to User Accounts
Editing Comments
Working With Group Settings for Users
Defining a User’s Primary Group
Adding a User to Groups
Removing a User From a Group
Reviewing a User’s Group Memberships
Working With Home Settings for Users
Working With Mail Settings for Users
Disabling a User’s Mail Service
Enabling Mail Service Account Options
Forwarding a User’s Mail
Working With Print Settings for Users
Disabling a User’s Access to Print Queues Enforcing Quotas
Enabling a User’s Access to Print Queues Enforcing Quotas
Deleting a User’s Print Quota for a Specific Queue
Resetting a User’s Print Quota
Working With Info Settings for Users
Choosing Settings for Windows Users

Chapter 5: Setting Up Group Accounts
About Group Accounts
Administering Group Accounts
Where Group Accounts Are Stored
Predefined Group Accounts
Creating Mac OS X Server Group Accounts
Creating Read-Write LDAPv3 Group Accounts
Creating a Preset for Group Accounts
Editing Group Account Information
Creating Nested Groups
Upgrading Legacy Groups
Working With Read-Only Group Accounts
Working With Member Settings for Groups
Adding Users to a Group
Removing Users From a Group
Naming a Group
Defining a Group ID
Working With Group Folder Settings
Specifying No Group Folder
Creating a Group Folder in an Existing Share Point
Creating a Group Folder in a New Share Point
Creating a Group Folder in a Subfolder of an Existing Share Point
Designating a Group Folder for Use by Multiple Groups
Deleting a Group Account

Chapter 6: Setting Up Computer Lists
About Computer Lists
Special Purpose Computer Lists
Creating a Computer List
Creating a Preset for Computer Lists
Using a Computer List Preset
Adding Computers to an Existing Computer List
Changing Information About a Computer
Moving a Computer to a Different Computer List
Deleting Computers From a Computer List
Deleting a Computer List
Searching for Computer Lists
Managing Guest Computers
Working With Access Settings
Restricting Access to Computers
Making Computers Available to All Users
Using Local User Accounts

Chapter 7: Setting Up Home Directories
About Home Directories
Avoid Spaces and Long Names in Network Home Directory Path
Distributing Home Directories Across Multiple Servers
Specifying No Home Directory
Creating a Home Directory for a Local User at a Server
Creating a Network Home Directory
Creating a Custom Home Directory
Setting Up an Automountable AFP Share Point for Home Directories
Setting Up an Automountable NFS or SMB Share Point for Home Directories
Setting Disk Quotas
Defining Default Home Directories by Using Presets
Moving Home Directories
Deleting Home Directories

Chapter 8: Client Management Overview
Using Network-Visible Resources
Defining Preferences
The Power of Preferences
Levels of Control
Degrees of Permanence
Designing the Login Experience
Who Can Log In
Caching Preferences
Helping Users Find Applications
Helping Users Find Group Folders
Installing and Booting Over the Network
Day-to-Day Client Administration

Chapter 9: Managing Preferences
How Workgroup Manager Works With Mac OS X Preferences
Managing Preferences
About the Preferences Cache
Updating the Managed Preferences Cache at Intervals
Updating the Preference Cache Manually
Managing User Preferences
Managing Group Preferences
Managing Computer Preferences
Editing Preferences for Multiple Records
Disabling Management for Specific Preferences
Managing Access to Applications
Creating a List of Applications Users Can Open
Preventing Users From Opening Applications on Local Volumes
Managing Access to Helper Applications
Controlling the Operation of UNIX Tools
Managing Classic Preferences
Selecting Classic Startup Options
Choosing a Classic System Folder
Allowing Special Actions During Restart
Controlling Access to Classic Apple Menu Items
Adjusting Classic Sleep Settings
Maintaining Consistent User Preferences for Classic
Managing Dock Preferences
Controlling the User’s Dock
Providing Easy Access to Group Folders
Adding Items to a User’s Dock
Preventing Users From Adding or Deleting Items in the Dock
Managing Energy Saver Preferences
Using Sleep and Wake Settings for Desktop Computers
Working With Energy Saver Settings for Portable Computers
Displaying Battery Status for Users
Scheduling Automatic Startup, Shutdown, or Sleep
Managing Finder Preferences
Setting Up Simple Finder
Keeping Disks and Servers From Appearing on the User’s Desktop
Controlling the Behavior of Finder Windows
Hiding the Alert Message When a User Empties the Trash
Making Filename Extensions Visible
Controlling User Access to Remote Servers
Controlling User Access to an iDisk
Preventing Users From Ejecting Disks
Hiding the Burn Disc Command in the Finder
Controlling User Access to Folders
Removing Restart and Shut Down From the Apple Menu
Adjusting the Appearance and Arrangement of Desktop Items
Adjusting the Appearance of Finder Window Contents
Managing Internet Preferences
Setting Email Preferences
Setting Web Browser Preferences
Managing Login Preferences
Specifying How a User Logs In
Opening Items Automatically After a User Logs In
Providing Access to a User’s Network Home Directory
Providing Easy Access to the Group Share Point
Preventing Restarting or Shutting Down the Computer at Login
Using Hints to Help Users Remember Passwords
Enabling Simultaneous Multiple Users on a Client Computer
Enabling Automatic Logout for Idle Users
Login and Logout Scripts
Managing Media Access Preferences
Controlling Access to CDs, DVDs, and Recordable Discs
Controlling Access to Hard Drives and Disks
Ejecting Items Automatically When a User Logs Out
Managing Mobility Preferences
Managing Network Preferences
Configuring Proxy Servers by Port
Managing Printing Preferences
Making Printers Available to Users
Preventing Users From Modifying the Printer List
Restricting Access to Printers Connected to a Computer
Setting a Default Printer
Restricting Access to Printers
Managing Software Update Preferences
Managing Access to System Preferences
Managing Universal Access Preferences
Adjusting the User’s Display Settings
Setting a Visual Alert
Adjusting Keyboard Responsiveness
Adjusting Mouse and Pointer Responsiveness
Enabling Universal Access Shortcuts
Allowing Devices for Users With Special Needs
Using the Preference Editor With Preference Manifests
Adding a Managed Preference by Importing it From an Application
Editing Preference Values for an Application
Removing Preference Values With the Preferences Editor

Chapter 10: Managing Network Views
Types of Managed Network Views
Creating a Managed Network View
Editing Managed Network Views
Defining Neighborhoods for Managed Network Views
Adding Neighborhoods to Managed Network Views
Deleting Neighborhoods From Managed Network Views
Defining Computers for Managed Network Views
Showing Computers in Managed Network Views
Deleting Computers From Managed Network Views
Defining Dynamic Lists for Managed Network Views
Adding Dynamic Lists to Managed Network Views
Deleting Dynamic Lists From Managed Network Views
Defining Use of Managed Network Views by Client Computers
How a Computer Finds Its Managed Network Views
Enabling Managed Network View Visibility
Disabling Managed Network View Visibility
Setting Managed Network View Refresh Rate
Setting Finder Behavior With Managed Network Views

Chapter 11: Solving Problems
Online Help and the Apple Service & Support website
Solving Account Problems
You Can’t Modify an Account Using Workgroup Manager
You Can’t See Certain Users in the Login Window
You Can’t Unlock an LDAP Directory
You Can’t Modify a User’s Open Directory Password
You Can’t Change a User’s Password Type to Open Directory
You Can’t Assign Server Administrator Privileges
Users Can’t Log In or Authenticate
Users Relying on a Password Server Can’t Log In
Users Can’t Log In With Accounts in a Shared Directory Domain
Users Can’t Access Their Home Directories
Users Can’t Change Their Passwords
A Mac OS X User in Shared NetInfo Domain Can’t Log In
Users Can’t Authenticate Using Single Sign-On or Kerberos
Solving Preference Management Problems
You Can’t Enforce Default Web Settings
You Can’t Enforce Default Mail Settings
Users Don’t See a List of Workgroups at Login