[Casper] Creating Local Accounts w/ Policies (& MS Office)

[Slutzky, Ben]

Yeah, apparently it¹s a known AD/Mac issue although we couldn¹t find out
much about it. We were able to successfully use a utility called Network
Home Redirector once (which basically creates login/logout hooks to fix a
Microsoft incompatibility), but we were having issues with that lately.
Check it out at http://jochsner.dyndns.org/scripts/NHR.html if you¹re
interested.

There is ³better² AD support in Leopard ­ instead of the 10.4 Directory
Access utility, that¹s replaced in 10.5 by the Directory Utility, which is
pretty much the same, but looks a bit different and makes things a bit
easier. It¹s not too difficult to setup AD & OD working together ­ check out
very useful how-to PDF¹s for the ³Golden Triangle Concept² at
http://www.afp548.com/filemgmt/index.php?id=69 and
http://www.bombich.com/mactips/activedir.html.

Thanks for the info ­ we definitely were unaware of those things. For now we
have a policy to ensure that accounts are created on startup.


On 9/4/08 12:48 AM, "John Wetter" <john_wetter at hopkins.k12.mn.us> wrote:

> About 90% of our local accounts are created using Casper.  The other 10% are
> created just because the tech happens to be sitting at the computer already,
> so they just make the account.  The only bug/issue we've had is creating
> accounts right after imaging that do not have a password (we do this for some
> of the primary school aged kids).  To work around this, I just used the jamf
> command line in a script that ran after imaging and it worked fine (select 'at
> reboot' for the script properties in the JSS).  I didn't need to do anything
> other than delete the account creation from the AutoRun job and instead add
> the script to the configuration with it's properties set to 'at reboot'.
> There is apparently something with Leopard about creating a user with no
> password on Firstrun according to JAMF Support where instead of it being an
> empty password, it puts a password hash in there.  We also run MS office and
> NeoOffice and have had no problems as long as you created your office packages
> with the correct rights, which you'd have problems with anyways no matter how
> you create your accounts if the rights were wrong.
>  
> One FYI is that Leopard won't update the login window as the new accounts are
> created like Tiger did.  We also use the pictures/buttons login window so
> teachers can say 'click on the butterfly'.
>  
> That's interesting to hear about MS Office crashing with AD accounts.  We used
> to have the majority of our users on mobile accounts in Apple OpenDirectory
> but abandoned that as we just had too many problems.  We were looking at
> starting to test making AD-based accounts on our Leopard computers with the
> better AD support in Leopard.
>  
> -John


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080904/a5408f7d/attachment.htm