This is maybe a basic question, but conceptually I'd like to know where best to begin.
Currently, to manage users we have JAMF policies that push two admin accounts - one used by us [I.T.], and one used by department heads.
We set up our end users with a standard account with their name and user [firstinitial][lastname]
The most common issue we run into is that there is a good amount of turnover and staff. For example: We will set up a computer for Jane Smith [jsmith] (standard account) and then Jane will leave, and now Scott Thomas needs the machine.
1.) A department head will contact us saying they need the user switched from Jane to Scott. The department head will log in with their admin user.
2.) We [I.T.] will start a remote session with them on the machine.
3.) We delete "jsmith" and create "sthomas".
4.) Log out of machine.
5.) [occasionally] We'll have to log back in to the new user and delete the hidden "keychains" folder in order to prevent keychain errors for this new account. Because we have to be logged in as the new user for this to work, this requires us to start another remote session with the user providing a password to us for a second time.
Needless to say, this is not a simple or easy process. What are the potential solutions (if there are any) to solving this problem? We don't need enterprise grade security or features, but I'd love to be able to do what we do in an AD PC environment...all we do is create a new active directory user for them to sign in with, disable the old user and they are good to go - so much easier!
So what is a way to accomplish this, and what are the benefits and drawbacks of each of these methods?
1.) Active Directory integration?
2.) LDAP integration?
3.) JumpCloud? (just heard about this)
4.) -- there is no good way of doing this?
Thanks for any advice!
