<HTML>
<HEAD>
<TITLE>Re: [Casper] Creating Local Accounts w/ Policies (& MS Office)</TITLE>
</HEAD>
<BODY>
<FONT FACE="Arial"><SPAN STYLE='font-size:12.0px'>Yeah, apparently it’s a known AD/Mac issue although we couldn’t find out much about it. We were able to successfully use a utility called Network Home Redirector once (which basically creates login/logout hooks to fix a Microsoft incompatibility), but we were having issues with that lately. Check it out at <a href="http://jochsner.dyndns.org/scripts/NHR.html">http://jochsner.dyndns.org/scripts/NHR.html</a> if you’re interested.<BR>
<BR>
There is “better” AD support in Leopard – instead of the 10.4 <I>Directory Access</I> utility, that’s replaced in 10.5 by the <I>Directory Utility</I>, which is pretty much the same, but looks a bit different and makes things a bit easier. It’s not <I>too</I> difficult to setup AD & OD working together – check out very useful how-to PDF’s for the “Golden Triangle Concept” at <a href="http://www.afp548.com/filemgmt/index.php?id=69">http://www.afp548.com/filemgmt/index.php?id=69</a> and <a href="http://www.bombich.com/mactips/activedir.html.">http://www.bombich.com/mactips/activedir.html.</a><BR>
<BR>
Thanks for the info – we definitely were unaware of those things. For now we have a policy to ensure that accounts are created on startup.<BR>
<BR>
<BR>
On 9/4/08 12:48 AM, "John Wetter" <john_wetter@hopkins.k12.mn.us> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Arial"><SPAN STYLE='font-size:12.0px'>About 90% of our local accounts are created using Casper. The other 10% are created just because the tech happens to be sitting at the computer already, so they just make the account. The only bug/issue we've had is creating accounts right after imaging that do not have a password (we do this for some of the primary school aged kids). To work around this, I just used the jamf command line in a script that ran after imaging and it worked fine (select 'at reboot' for the script properties in the JSS). I didn't need to do anything other than delete the account creation from the AutoRun job and instead add the script to the configuration with it's properties set to 'at reboot'. There is apparently something with Leopard about creating a user with no password on Firstrun according to JAMF Support where instead of it being an empty password, it puts a password hash in there. We also run MS office and NeoOffice and have had no problems as long as you created your office packages with the correct rights, which you'd have problems with anyways no matter how you create your accounts if the rights were wrong.<BR>
<BR>
One FYI is that Leopard won't update the login window as the new accounts are created like Tiger did. We also use the pictures/buttons login window so teachers can say 'click on the butterfly'.<BR>
<BR>
That's interesting to hear about MS Office crashing with AD accounts. We used to have the majority of our users on mobile accounts in Apple OpenDirectory but abandoned that as we just had too many problems. We were looking at starting to test making AD-based accounts on our Leopard computers with the better AD support in Leopard.<BR>
<BR>
-John<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT>
</BODY>
</HTML>