Create OS X Default Profile / Template for AD
Hello.
I followed the steps to create a new default profile for OS X 10.8.
It works fine for local users. But when AD network users log on they get another profile with settings.
Create mobile account at logon is off
Force local homedir at startup disk is off
Want to redirect Desktop and Documents to network drive.
Want users to be able to work when server (with home dir and desktop) is down.
Simple script that copies settings to local at login and back to the network at logoff.
The main thing is: where is the default profile stored that is used for AD users?
Is it not possible at all or am I missing something?
Answers (1)
We use the following script to create a default profile in OSX:
#!/bin/bash
defaultUserName=gdstudent
rm -r /Users/$defaultUserName/Library/{Caches,Keychains}
mv /System/Library/User\ Template/English.lproj /System/Library/User\ Template/English.lproj.original
ditto /Users/$defaultUserName /System/Library/User\ Template/English.lproj
chown -R root:wheel /System/Library/User\ Template/English.lproj
Our Macs are integrated into AD for authentication. On logout we nuke their profile. We use the Mac's Open Directory to manage settings.
Comments:
-
I came across this script.
But I am not sure if I need to edit it and what I need to edit.
Where is $1 set in this script?
And can I just run this as a LoginHook?
And do I need to
Create Mobile account at logon?
Force local home dir ..?
#!/bin/bash
##
## LoginHook script by Tim Schutt, 2013
##
echo "##############################"
echo "Logging in user is $1"
if [ ! "$1" = "admin" ] && [ ! "$1" = "root" ]; then ## test if the user is local admin or not
    echo "Reassigning Desktop folder."
    rm -r "/Users/$1/Desktop" ## remove Desktop folder created by OS X
    ln -s "/Volumes/$1\$/Desktop" "/Users/$1" ## create soft-link to Desktop folder in AD home
    echo "Reassigning Documents folder."
    rm -r "/Users/$1/Documents" ## remove Docs folder created by OS X
    ln -s "/Volumes/$1\$/Documents" "/Users/$1" ## create soft-link to Docs folder in AD home
fi
echo "##############################"
exit 0
- Raoul.tjin 11 years ago -
The $1 is the currently logging in user. You don't need to change it or specify it.
You would have to add this to the login window via
sudo defaults write com.apple.loginwindow LoginHook /somePathToScriptAbove
You also need to edit the symbolic link paths to whatever is appropriate to point to the network volume.
Finally note that this script assumes the network volume is mounted, so you should preface the script accordingly. - Jbr32 11 years ago -
OK, I get it. But do I need to
Create Mobile account at logon?
Force local home dir ..? - Raoul.tjin 11 years ago -
I am not sure about those two options. I would experiment with it at this point.
What are you doing with the ~/Library folder as they contain settings for applications the user might use? Are you going to redirect the ~/Library folder as well?
Once you get it working, let me know. - Jbr32 11 years ago-
Have you looked at the rsync command?
#!/bin/sh
#By Ben Greisler ben@kadimac.com and Gabe Shackney July 25, 2012
#echo $klistuser
pathb=$(echo `dscl localhost -read /Search/Users/$3 dsAttrTypeStandard:OriginalHomeDirectory` | awk 'BEGIN { FS = ".internal" }; { print $2 }' | awk 'BEGIN { FS = "<path>" }; { print $1 }' | awk '{ sub("</url>","");print}')
#echo $pathb
localpath="/Users/$3"
#echo $localpath
rsync -avz "/Volumes/$pathb/Desktop/" "$localpath/Desktop/"
rsync -avz "/Volumes/$pathb/Documents/" "$localpath/Documents/"
Do I need to edit it or can I use it like this? - Raoul.tjin 11 years ago
-
Aha, I will look into that. I also think that is where my problem is.
I have 2 scripts;
the second one is below.
Hope you can use it or it gives a solution for ~/Library.
What I hope to do with these or one of these scripts is only redirect Desktop and Documents to network drive.
When users log on and off they must copy their profile from Win2003 server to Mac,
and when they are finished copy back to network (at logoff).
They must not have program settings on a redirected network drive,
because when the server is down they must be able to work further with the local browser.
#!/bin/bash
##
## launchd script to redirect key folders for Active Directory users - Tim Schutt, 2013
##
LIUSER=$(ls -l /dev/console | cut -d " " -f 4) ## pulls username in for currently logged in user
LIGRP=$(ls -l /dev/console | cut -d " " -f 6 | cut -d "\\" -f 1) ## extracts group of currently logged in user - used to test if "AD"
NETLIB="/Volumes/$LIUSER\$/Library" ## shortcut - I get lazy sometimes.
if [ "$LIGRP" = "AD" ] ## if the logged in user is an AD user
then
    if [ ! -d "$NETLIB" ]; then ## Test if Library folder exists on AD share and execute if it does not
        echo "Library does not exist in network home - creating it."
        mkdir "$NETLIB"
    fi
    if [ ! -d "$NETLIB/Application Support" ]; then ## test if Application Support exists.
        echo "Application Support does not exist - creating it."
        mkdir "$NETLIB/Application Support" ## create it if not
    fi
    if [ ! -d "$NETLIB/Application Support/Google" ]; then
        if [ -d "/Users/$LIUSER/Library/Application Support/Google" ]; then
            echo "Copying Chrome prefs to network home."
            cp -fR "/Users/$LIUSER/Library/Application Support/Google" "$NETLIB/Application Support/Google" ## copy Chrome prefs to AD space
        else
            echo "Creating Chrome prefs folder."
            mkdir "$NETLIB/Application Support/Google"
        fi
    fi
    if [ -d "/Users/$LIUSER/Library/Application Support/Google" ]; then
        echo "Removing local Chrome prefs."
        rm -R "/Users/$LIUSER/Library/Application Support/Google" ## Remove the local copy of the Chrome prefs
    fi
    echo "Linking to network Chrome prefs."
    ln -s "$NETLIB/Application Support/Google" "/Users/$LIUSER/Library/Application Support" ## link to the AD version of the prefs
    if [ ! -d "$NETLIB/Application Support/Firefox" ]; then
        if [ -d "/Users/$LIUSER/Library/Application Support/Firefox" ]; then
            echo "Copying Firefox prefs to network home."
            cp -R "/Users/$LIUSER/Library/Application Support/Firefox" "$NETLIB/Application Support/Firefox" ## copy Firefox prefs to AD space
        else
            echo "Creating Firefox prefs folder."
            mkdir "$NETLIB/Application Support/Firefox"
        fi
    fi
    if [ -d "/Users/$LIUSER/Library/Application Support/Firefox" ]; then
        echo "Removing local Firefox prefs."
        rm -R "/Users/$LIUSER/Library/Application Support/Firefox" ## Remove the local copy of the Firefox prefs
    fi
    echo "Linking to network Firefox prefs."
    ln -s "$NETLIB/Application Support/Firefox" "/Users/$LIUSER/Library/Application Support" ## link to the AD version of the prefs
    if [ ! -d "$NETLIB/Safari" ]; then ## test if Safari prefs exist.
        if [ -d "/Users/$LIUSER/Library/Safari" ]; then
            echo "Copying Safari prefs."
            cp -R "/Users/$LIUSER/Library/Safari" "$NETLIB/Safari" ## copy them from template if not.
        else
            echo "Creating network safari prefs folder"
            mkdir "/Volumes/$LIUSER\$/Library/Safari"
        fi
    fi
    if [ -d "/Users/$LIUSER/Library/Safari" ] && [ ! -h "/Users/$LIUSER/Library/Safari" ]; then
        echo "Removing local Safari prefs."
        rm -R "/Users/$LIUSER/Library/Safari" ## remove local safari prefs
    else
        echo "Safari prefs are already linked"
    fi
    if [ ! -h "/Users/$LIUSER/Library/Safari" ]; then
        echo "Linking to network Safari prefs."
        ln -s "$NETLIB/Safari" "/Users/$LIUSER/Library" ## create link to safari prefs on network home.
    fi
fi
exit 0
- Raoul.tjin 11 years ago -
The script directly above might be overkill. I tend to keep it simple.
in pseudo code on logon I would:
1. mount a network share
2. check to see if they already have a user profile on the local machine. If they do, you don't need to recreate the symbolic links. If they don't have a local profile, you need to create the symbolic links.
3. redirect (symbolic links) the Desktop and Documents folder (you have a script for that above). If your users are going to use the Pictures, Music, or Movies folders I would redirect them as well using the ln -s command to your network volume. Keep everything else local; e.g. ~/Library
4. test, test, and test!
If you redirect the folders above you won't have to wait for rsync to complete, which depending on how many files there are could dramatically increase login/logoff time.
So something like this: - Jbr32 11 years ago -
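The logon steps listed in the comment above (share mounted, skip if already linked, link Desktop and Documents), written out as an added example that is not part of the original thread or any poster's script. The function name `redirect_folders`, the `.local` suffix for set-aside folders and the `/Volumes/<user>$` mount point are assumptions; unlike the `rm -r` in the scripts above, it moves a non-empty local folder aside instead of deleting it.

```shell
#!/bin/bash
# Added example (not from the thread). A LoginHook runs as root, so every path
# is validated before anything is removed or linked.
#   redirect_folders USER HOME_DIR NET_HOME
#   e.g. in the hook: redirect_folders "$1" "/Users/$1" "/Volumes/$1\$"
#   (the /Volumes/<user>$ mount point is an assumption taken from the scripts above)
redirect_folders() {
    local user="$1" home="$2" net="$3" folder link target

    # Refuse empty or path-like names and the local accounts the hook should skip.
    case "$user" in
        ''|*/*|.*|root|admin) echo "skipping user '$user'" >&2; return 2 ;;
    esac

    # Step 1: the share must already be mounted; otherwise leave the local home alone.
    [ -d "$home" ] || { echo "no local home: $home" >&2; return 1; }
    [ -d "$net" ]  || { echo "network home not mounted: $net" >&2; return 1; }

    for folder in Desktop Documents; do
        link="$home/$folder"
        target="$net/$folder"

        if [ -L "$link" ]; then
            # Step 2: linked on an earlier login, nothing to recreate.
            [ "$(readlink "$link")" = "$target" ] && continue
            rm -f "$link"        # stale link: removes the link, not its target
        elif [ -d "$link" ]; then
            # Delete only an empty folder; move one holding files aside (".local").
            rmdir "$link" 2>/dev/null || mv "$link" "$link.local" || return 1
        fi

        # Step 3: make sure the network folder exists, then link to it.
        mkdir -p "$target" || return 1
        ln -s "$target" "$link" || return 1
    done
    return 0
}
```

A non-zero return means nothing was linked for that login, so the user keeps working in the local folders until the share is reachable again.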
You may also want to look into http://www.centrify.com/ - Jbr32 11 years ago