Creating Local Accounts w/ Policies (& MS Office)

Not applicable

Hi,
We need to create a local account for ~100 Macs ASAP, preferably right after
image deployment. I know the built-in method of using a policy has just been
suggested on another thread. Has anyone had any problems with creating a
user through a policy? And specifically, can anyone say for sure whether
Office 2004 (or another version) works from an account created that way?
(We're avoiding AD logins because of Office crashing)

Thanks in advance!

Ben Slutzky

2 REPLIES 2

John_Wetter
Release Candidate Programs Tester

About 90% of our local accounts are created using Casper. The other 10% are created just because the tech happens to be sitting at the computer already, so they just make the account. The only bug/issue we've had is creating accounts right after imaging that do not have a password (we do this for some of the primary school aged kids). To work around this, I just used the jamf command line in a script that ran after imaging and it worked fine (select 'at reboot' for the script properties in the JSS). I didn't need to do anything other than delete the account creation from the AutoRun job and instead add the script to the configuration with it's properties set to 'at reboot'. There is apparently something with Leopard about creating a user with no password on Firstrun according to JAMF Support where instead of it being an empty password, it puts a password hash in there. We also run MS office and NeoOffice and have had no problems as long as you created your office packages with the correct rights, which you'd have problems with anyways no matter how you create your accounts if the rights were wrong.

One FYI is that Leopard won't update the login window as the new accounts are created like Tiger did. We also use the pictures/buttons login window so teachers can say 'click on the butterfly'.

That's interesting to hear about MS Office crashing with AD accounts. We used to have the majority of our users on mobile accounts in Apple OpenDirectory but abandoned that as we just had too many problems. We were looking at starting to test making AD-based accounts on our Leopard computers with the better AD support in Leopard.

-John

--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us

Not applicable

Yeah, apparently it's a known AD/Mac issue although we couldn't find out
much about it. We were able to successfully use a utility called Network
Home Redirector once (which basically creates login/logout hooks to fix a
Microsoft incompatibility), but we were having issues with that lately.
Check it out at http://jochsner.dyndns.org/scripts/NHR.html if you're
interested.

There is 'better' AD support in Leopard ­ instead of the 10.4 Directory
Access utility, that's replaced in 10.5 by the Directory Utility, which is
pretty much the same, but looks a bit different and makes things a bit
easier. It's not too difficult to setup AD & OD working together ­ check out
very useful how-to PDF's for the 'Golden Triangle Concept' at
http://www.afp548.com/filemgmt/index.php?id=69 and
http://www.bombich.com/mactips/activedir.html.

Thanks for the info ­ we definitely were unaware of those things. For now we
have a policy to ensure that accounts are created on startup.