[Casper] User home directory on third Volume

Thomas Larkin tlarki at kckps.org
Thu May 29 06:41:57 PDT 2008 

John,

I have two images for my macbooks.  1 teacher and 1 student image.  The teacher image is very lightly managed.  Their network accounts are not admin level, however we do have local admin accounts on the machine that the teachers can use to install and test software.

The student machines are locked down locally, and by group policy and have no rights to install or update software.  The local admin account on the student machine is hidden, and of course it is very different than the teacher accounts.

I have already used casper to change passwords and it has worked great, so we do some slight password rotations.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell:  913-449-7589
office:  913-627-0351
>>> John Wetter <john_wetter at hopkins.k12.mn.us> 05/29/08 1:50 AM >>>
I will not be at WWDC this year, we're on an 'every-other-year' rotation here.

While a bit OT for this list, I'd be interested to hear how other educational institutions (especially K-12) handle local computer rights for staff.  We lock down student computers pretty tight, but there is a lot of push to give staff admin rights on their computers to be able to try out new software/services.  We have different setups right now across our environment from very locked down to being very open with admin rights.  What are others doing?  Let users have admin rights and then just re-image when they get in trouble, or have them just be 'standard' users, or do you hav ethem as managed users?

Thanks,
John
--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us
________________________________________
From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Leacy, Miles (US) [Miles.Leacy at PoloRalphLauren.com]
Sent: Wednesday, May 28, 2008 5:28 PM
To: enrique.silberg at yr.com; casper at list.jamfsoftware.com
Subject: Re: [Casper] User home directory on third Volume

I'll be at WWDC.

My first, best recommendation is to not give admin privileges to your clients.

Some people think that having admin privileges is "corporate/organizational culture".  You may find yourself directed to give admin rights to all or some of your clients.  If you find yourself in this position, I would advise you to find the appropriate time, place and person to discuss the issue with, and explain what havoc can be wrought by an admin.  Remember that any admin has or can get root and root is omnipotent.  Having unknown, unskilled, and potentially untrustworthy people with unlimited access to your systems is bad.  If you're in a publically traded company, users having having admin rights may be illegal.

An ignorant or malicious admin can undo any management system or process you enact.

They could render a computer inoperable, thus costing your organization their own downtime, as well as the time you need to take to fix the problem.

Sorry if this got off on a bit of a tangent, but there are countless good reasons not to give out admin rights, and very few good reasons to give them.

-----
Miles Leacy
ACTC|ACSA|ACT|CCA
Senior Mac Technologist
Polo Ralph Lauren
212.318.7603
miles.leacy at poloralphlauren.com

----- Original Message -----
From: casper-bounces at list.jamfsoftware.com <casper-bounces at list.jamfsoftware.com>
To: casper at list.jamfsoftware.com <casper at list.jamfsoftware.com>
Sent: Wed May 28 17:43:48 2008
Subject: [Casper] User home directory on third Volume

We are running with 3 partitions on hard drive

Restore *hidden to user
MacOS- all applications
Data -User Home directory and scratch

Two weeks ago user changed names of two drives they can see. On restart it created a new empty user home directory on the MacOS partition for the user. We just reimaged.

Today again another user-changed names of drives they can see and on restart the computer would not restart. Then I got second call it did start up as user BUT the users items were gone. By the time I got to computer one of techs had reimaged. On questioning tech when they booted with restore drive and changed names back system would not come up right. And just backed up user files and reimaged whole drive.

It has been very helpful when we need to reimage MacOS drive and not have to worry about users home directory. But now I am not so sure if a name change will cause such trouble.

Anyone have best practice for this.

Anyone going to WWDC?

Ricky







This message and any attached documents contain information which may be confidential, subject to privilege or exempt from disclosure under applicable law. These materials are intended only for the use of the intended recipient. If you are not the intended recipient of this transmission you are hereby notified that any distribution, disclosure, printing, copying, storage, modification or the taking of any action in reliance upon this transmission is strictly prohibited. Delivery of this message to any person other than the intended recipient shall not compromise or waive such confidentiality, privilege or exemption from disclosure as to this communication. If you have received this communication in error, please immediately notify the sender and delete the message from your system.


_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

More information about the Casper mailing list