Posted on 09-12-2016 06:37 PM
I work in a school, previously we haven't made a concerted effort to remove school applications, settings, management software etc from a students laptop once they finish, so I'm hoping to change that this year.
I'm currently looking for the best way of dealing with mobile accounts (as every student has one they use on their machine) after unbinding the machine from AD. Is it safe to let the students continue using their mobile account or will be there issues in the future (such as if they wanted to change the password?)
I've come up with a solution to create a local account as well. However it's then just a process of transferring the data across and advising the student on the process.
This cannot be a manual process because it'll become way to time consuming. Any advice on best practice or procedures would be great!
Posted on 09-13-2016 12:33 AM
A mobile account with no connection to AD is really similar to a local account, but i would worry about all of the extra attributes and references to AD in the local user record afterwards.
I would go for switching them to a local account.
The process could be fully automated with these steps:
sysadminctlif it can, or by removing the local user account plist file and associated password files
sysadminctlso you can script it and use a variable for the user name from the previous steps
chown -R username /Users/username
The only caveats would be:
Hope this helps!
Posted on 09-13-2016 10:53 PM
Thanks for the response @davidacland .
Is there any chance of being able to do any of those steps when the user is logged in. I'm planning on making this policy available in Self Service so the students can run the process themselves.
My current thinking is that I'll have a prompt to create the local account and transfer all the data from the mobile account (except for the library folder) across to the new account. Once the process is finished I'll prompt the user to switch accounts. If I have some smarts in there I could place a launch item to remove the old mobile account once the new local user logs in. The only lost item would be the library folder.
Does this sound like a possibility?