
Create OS X Default Profile / Template for AD

Hello.

I followed the steps to create a new default profile for OS X 10.8.

It works fine for local users. But when AD network users log on, they get another profile with settings.

Create mobile account at logon is off.

Force local home dir on startup disk is off.

I want to redirect Desktop and Documents to a network drive.

I want users to be able to work when the server (with home dir and desktop) is down.

A simple script that copies settings to local at login and back to the network at logoff.

The main thing is: where is the default profile stored that is used for AD users?

Is it not possible at all, or am I missing something?



Answers (1)

Posted by: Jbr32 10 years ago
10th Degree Black Belt
1

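We use the following script to create a default profile in OSX:

#!/bin/bash

# Account whose home folder is used as the template for new users
defaultUserName=gdstudent

# Remove per-user caches and keychains so they are not copied into the template
rm -r "/Users/$defaultUserName/Library/"{Caches,Keychains}

# Keep the stock template as a backup, then replace it with the configured home
mv "/System/Library/User Template/English.lproj" "/System/Library/User Template/English.lproj.original"
ditto "/Users/$defaultUserName" "/System/Library/User Template/English.lproj"

# Set ownership of the new template to root:wheel
chown -R root:wheel "/System/Library/User Template/English.lproj"

Our Macs are integrated into AD for authentication. On logout we nuke their profile. We use the Mac's Open Directory to manage settings.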

Comments:
  • I came across this script.
    But I am not sure if I need to edit it and what I need to edit.
    Where is $1 set in this script?
    And can I just run this as a login hook?
    And do I need to
    Create mobile account at logon?
    Force local home dir ..?

    #! /bin/bash

    ##
    ## LoginHook script by Tim Schutt, 2013
    ##

    echo "##############################"
    echo "Logging in user is $1"

    if [ ! "$1" = "admin" ] && [ ! "$1" = "root" ]; then ## test if the user is local admin or not
        echo "Reassigning Desktop folder."

        rm -r "/Users/$1/Desktop" ## remove Desktop folder created by OS X
        ln -s "/Volumes/$1\$/Desktop" "/Users/$1" ## create soft-link to Desktop folder in AD home

        echo "Reassigning Documents folder."
        rm -r "/Users/$1/Documents" ## remove Docs folder created by OS X
        ln -s "/Volumes/$1\$/Documents" "/Users/$1" ## create soft-link to Docs folder in AD home
    fi
    echo "##############################"

    exit 0

    - Raoul.tjin 10 years ago
  • The $1 is the currently logging in user. You don't need to change it or specify it.

    You would have to add this to the login window via
    sudo defaults write com.apple.loginwindow LoginHook /somePathToScriptAbove

    You also need to edit the symbolic link paths to whatever is appropriate to point to the network volume.

    Finally note that this script assumes the network volume is mounted, so you should preface the script accordingly. - Jbr32 10 years ago
  • OK, I get it. But do I need to

    Create mobile account at logon?
    Force local home dir ..? - Raoul.tjin 10 years ago
  • I am not sure about those two options. I would experiment with it at this point.

    What are you doing with the ~/Library folder, as it contains settings for applications the user might use? Are you going to redirect the ~/Library folder as well?

    Once you get it working, let me know. - Jbr32 10 years ago
    • Have you looked at the rsync command?

      #!/bin/sh
      #By Ben Greisler ben@kadimac.com and Gabe Shackney July 25, 2012


      #echo $klistuser

      pathb=$(echo `dscl localhost -read /Search/Users/$3 dsAttrTypeStandard:OriginalHomeDirectory` | awk 'BEGIN { FS = ".internal" }; { print $2 }' | awk 'BEGIN { FS = "<path>" }; { print $1 }' | awk '{ sub("</url>","");print}')

      #echo $pathb

      localpath=/Users/$3

      #echo $localpath

      # copy Desktop and Documents from the mounted network home to the local home
      rsync -avz "/Volumes/$pathb/Desktop/" "$localpath/Desktop/"
      rsync -avz "/Volumes/$pathb/Documents/" "$localpath/Documents/"


      Do I need to edit it, or can I use it like this? - Raoul.tjin 10 years ago
  • Aha, I will look into that; I also think that is where my problem is.
    I have 2 scripts.
    The second one is

    Hope you can use it or that it gives a solution for ~/Library.
    What I hope to do with these, or one of these scripts, is only redirect Desktop and Documents to the network drive.

    When users log on and off, they must copy their profile from the Win2003 server to the Mac,
    and when they are finished, copy it back to the network (at logoff).

    They must not have program settings on a redirected network drive,
    because when the server is down they must be able to keep working with a local browser.

    #! /bin/bash

    ##
    ## launchd script to redirect key folders for Active Directory users - Tim Schutt, 2013
    ##

    LIUSER=$(ls -l /dev/console | cut -d " " -f 4) ## pulls username in for currently logged in user
    LIGRP=$(ls -l /dev/console | cut -d " " -f 6 | cut -d "\\" -f 1) ## extracts group of currently logged in user - used to test if "AD"
    NETLIB=/Volumes/$LIUSER\$/Library ## shortcut - I get lazy sometimes.

    if [ "$LIGRP" = "AD" ] ## if the logged in user is an AD user
    then
        if [ ! -d $NETLIB ]; then ## Test if Library folder exists on AD share and execute if it does not
            echo "Library does not exist in network home - creating it."
            mkdir $NETLIB
        fi

        if [ ! -d $NETLIB/Application\ Support ]; then ## test if Application Support exists.
            echo "Application Support does not exist - creating it."
            mkdir $NETLIB/Application\ Support ## create it if not
        fi

        if [ ! -d $NETLIB/Application\ Support/Google ]; then
            if [ -d /Users/$LIUSER/Library/Application\ Support/Google ]; then
                echo "Copying Chrome prefs to network home."
                cp -fR /Users/$LIUSER/Library/Application\ Support/Google $NETLIB/Application\ Support/Google ## copy Chrome prefs to AD space
            else
                echo "Creating Chrome prefs folder."
                mkdir $NETLIB/Application\ Support/Google
            fi
        fi

        if [ -d /Users/$LIUSER/Library/Application\ Support/Google ]; then
            echo "Removing local Chrome prefs."
            rm -R /Users/$LIUSER/Library/Application\ Support/Google ## Remove the local copy of the Chrome prefs
        fi

        echo "Linking to network Chrome prefs."
        ln -s $NETLIB/Application\ Support/Google /Users/$LIUSER/Library/Application\ Support ## link to the AD version of the prefs

        if [ ! -d $NETLIB/Application\ Support/Firefox ]; then
            if [ -d /Users/$LIUSER/Library/Application\ Support/Firefox ]; then
                echo "Copying Firefox prefs to network home."
                cp -R /Users/$LIUSER/Library/Application\ Support/Firefox $NETLIB/Application\ Support/Firefox ## copy Firefox prefs to AD space
            else
                echo "Creating Firefox prefs folder."
                mkdir $NETLIB/Application\ Support/Firefox
            fi
        fi

        if [ -d /Users/$LIUSER/Library/Application\ Support/Firefox ]; then
            echo "Removing local Firefox prefs."
            rm -R /Users/$LIUSER/Library/Application\ Support/Firefox ## Remove the local copy of the Firefox prefs
        fi

        echo "Linking to network Firefox prefs."
        ln -s $NETLIB/Application\ Support/Firefox /Users/$LIUSER/Library/Application\ Support ## link to the AD version of the prefs

        if [ ! -d $NETLIB/Safari ]; then ## test if Safari prefs exist.
            if [ -d /Users/$LIUSER/Library/Safari ]; then
                echo "Copying Safari prefs."
                cp -R /Users/$LIUSER/Library/Safari $NETLIB/Safari ## copy them from template if not.
            else
                echo "Creating network safari prefs folder"
                mkdir /Volumes/$LIUSER\$/Library/Safari
            fi
        fi

        if [ -d /Users/$LIUSER/Library/Safari ] && [ ! -h /Users/$LIUSER/Library/Safari ]; then
            echo "Removing local Safari prefs."
            rm -R /Users/$LIUSER/Library/Safari ## remove local safari prefs
        else
            echo "Safari prefs are already linked"
        fi

        if [ ! -h /Users/$LIUSER/Library/Safari ]; then
            echo "Linking to network Safari prefs."
            ln -s $NETLIB/Safari /Users/$LIUSER/Library ## create link to safari prefs on network home.
        fi
    fi
    exit 0

    - Raoul.tjin 10 years ago
  • The script directly above might be overkill. I tend to keep it simple.


    In pseudocode, on logon I would:
    1. mount a network share
    2. check to see if they already have a user profile on the local machine. If they do, you don't need to recreate the symbolic links. If they don't have a local profile, you need to create the symbolic links.
    3. redirect (symbolic links) the Desktop and Documents folder (you have a script for that above). If your users are going to use the Pictures, Music, or Movies folders I would redirect them as well using the ln -s command to your network volume. Keep everything else local; e.g. ~/Library
    4. test, test, and test!

    If you redirect the folders above you won't have to wait for rsync to complete, which, depending on how many files there are, could dramatically increase login/logoff time.


    So something like this: - Jbr32 10 years ago
  • You may also want to look into http://www.centrify.com/ - Jbr32 10 years ago
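
The logon steps from the pseudocode in the thread, as an added example that is not part of the original thread or any poster's script: a root-run login hook that links Desktop and Documents only when the `<user>$` share is mounted, validates `$1` before it reaches `rm`/`mv`/`ln`, and moves a non-empty local folder aside instead of deleting it. `USERS_ROOT`, `VOLUMES_ROOT`, `valid_user` and `redirect_folder` are hypothetical names, and the allowed username characters are an assumption.

```bash
#!/bin/bash
# Added example (not from the thread): hardened Desktop/Documents redirection
# for a login hook that runs as root with the username in $1.
# USERS_ROOT, VOLUMES_ROOT and both function names are assumptions.
USERS_ROOT="${USERS_ROOT:-/Users}"
VOLUMES_ROOT="${VOLUMES_ROOT:-/Volumes}"

# Accept only plain short names, so "$1" can never steer rm/mv/ln
# outside the user's home (rejects "", "../x", "a/b", "a b").
valid_user() {
    case "$1" in
        ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# redirect_folder USER FOLDER
# Returns 0 when FOLDER is linked to the network home, non-zero when left local.
redirect_folder() {
    local user="$1" folder="$2"
    valid_user "$user" || return 2
    case "$user" in admin|root) return 3 ;; esac    # local accounts stay local
    local src="$USERS_ROOT/$user/$folder"
    local dst="$VOLUMES_ROOT/$user\$/$folder"       # share named "<user>$", as in the thread
    [ -d "$dst" ] || return 4                       # share not mounted: touch nothing
    [ -L "$src" ] && return 0                       # already redirected (step 2)
    if [ -d "$src" ]; then
        # Drop only OS X / Finder housekeeping files, then remove the folder if
        # it is empty; a folder holding user data is moved aside instead.
        rm -f "$src/.localized" "$src/.DS_Store"
        rmdir "$src" 2>/dev/null || mv "$src" "$src.local.$(date +%s)" || return 5
    fi
    ln -s "$dst" "$src"                             # step 3; ~/Library is never touched
}

# Hook entry point: only acts when called with a username argument.
if [ -n "${1:-}" ]; then
    for f in Desktop Documents; do
        redirect_folder "$1" "$f" || echo "left $f local for $1 (rc=$?)" >&2
    done
fi
```

A non-zero return leaves the local folder in place, so a user can still log in and work locally when the server is unreachable at logon.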
 