Posted on 03-08-2012 11:33 AM
Running some labs of 10.6 Macs bound to AD with external accounts activated. Users can choose to create their home folders on the boot volume or some form of external media. The boot volumes in all cases are "/Volumes/Macintosh HD".
Anyone have a script that can help remove the boot-volume accounts at logout? I have an old script that works on 10.5 (haven't tested on 10.6) but I would like something maybe a little more, um, professional?
Posted on 03-08-2012 11:45 AM
We use MCX and set "cachedaccounts.expiry.delete.disusedSeconds" to zero, which deletes the mobile accounts on logout.
Posted on 03-08-2012 12:21 PM
We also use MCX and the cachedaccounts.expiry.
FYI: there is a bit of a bug with that and Snow Leopard, though, where accounts that log in exactly one time may not delete (http://support.apple.com/kb/TS3736). I haven't tried with Lion yet to see if this issue was resolved.
Posted on 03-12-2012 07:44 AM
We are seeing the Snow Leopard/CachedAccounts.Expiry issue in my labs. I'll test again once we move to either Lion/Mt. Lion but for now will pursue a scripted solution.
I've had way too many boot volumes reach capacity with the SL bug.
Thanks all.
Posted on 03-12-2012 07:55 AM
Adapt the logout/cleanup hooks from NHR: http://www.macupdate.com/app/mac/25425/network-home-redirector.
I used that a while back for a similar purpose where a client wanted all lab machines' local homes purged on each logout/boot.
Posted on 03-12-2012 11:11 AM
Haven't used this method in a while, but at a client we had home folders being redirected to /tmp. Didn't remove on logout, but did on reboot...
Posted on 04-27-2012 02:24 PM
Hello, I'm looking for a way to scope cachedaccounts.expiry.delete.disusedSeconds to a specific user. Is there a way to do that through Casper MCX profiles?
Posted on 04-27-2012 04:46 PM
We remove cached accounts with a script that runs via policy once per day. This is working really well for us on 10.5, 10.6, and 10.7. The same script also removes the com.apple.sharepoint groups that are created for each user and the MCX directory. We found that doing this increases login speed.
#!/bin/sh
# Define current user (the owner of the console device)
current_user=$(ls -l /dev/console | awk '{print $3}')
# Loop through users with homes in /Users; exclude any accounts you don't want removed (i.e. local admin and current user if policy runs while someone is logged in)
# Note: grep -v matches substrings, so every name containing "admin" is skipped.
for username in $(ls /Users | grep -v admin | grep -v "$current_user")
do
    echo "Removing user: $username"
    dscl . delete "/Users/$username"
    rm -rf "/Users/$username"
done
# Remove all sharepoint groups to speed up login.
for group in $(dscl . list /Groups | grep "com.apple.sharepoint")
do
    echo "Deleting group: $group"
    dscl . delete "/Groups/$group"
done
# Remove MCX files
rm -rf "/Library/Managed Preferences"
Posted on 05-17-2012 08:30 AM
Regarding deleting accounts on logout, has anyone else noticed using MCX and setting "cachedaccounts.expiry.delete.disusedSeconds" to zero no longer seems to be deleting mobile accounts in 10.7 (I tested in 10.7.3 and 10.7.4)?
Apple originally said this was a bug in 10.7.3 and fixed in 10.7.4 but still not working for me.
Posted on 08-02-2012 06:45 AM
How can you modify that script to delete network folders that are 3 days old (or older)?
Posted on 11-29-2016 06:32 AM
@CasperSally
Where do you set "cachedaccounts.expiry.delete.disusedSeconds"?
Do you go to "Mobile Account..." then choose Custom?
I have looked through everything I can find on MCX, but to no avail.
Thanks in advance!
Posted on 11-29-2016 06:39 AM
@listec we stopped using MCX a few years back. There's a profile setting for this that I've had mixed luck with (some OSes it works fine, then the next OS it wouldn't work). I use a script now to delete home directories. There are posts on this message board about the script, but ever since jamf moved to jamf.com I can never find what I want to find :(
Posted on 12-01-2016 08:47 AM
@listec it looks like this config profile works on at least 10.11.5 machines. You'd only need the mobility section; the other settings are for other things we manage.
Posted on 12-01-2016 11:49 PM
Ya, I had mixed results too, so I wrote a script myself. The Mobility setting above doesn't work for home folders which were forcibly created without a mobile account.
Also, I decided it was better to leave each home folder and just remove the Desktop, Documents, and Downloads folders to retain settings and speed up login times a bit.
I then created a policy and script to completely remove home folders which haven't been used in X days.
Thanks!
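The age-based cleanup asked about earlier in the thread (folders "3 days old or older") and described in the post above ("haven't been used in X days"), as an added example that is not part of any poster's script. It assumes a home folder's modification time stands in for "last used"; the `PROTECTED` list and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: a home folder's mtime stands
# in for "last used", and the PROTECTED names below are a constructed list.
PROTECTED="Shared Guest admin"

# is_protected NAME: succeeds only on an exact match, so an account such as
# "sadmin" is not silently skipped the way `grep -v admin` would skip it.
is_protected() {
    for p in $PROTECTED; do
        if [ "$1" = "$p" ]; then return 0; fi
    done
    return 1
}

# stale_homes BASE DAYS CURRENT_USER: print the folder names directly under
# BASE that are DAYS days old or older and are eligible for removal.
stale_homes() {
    base=$1; days=$2; current=$3
    case $days in ''|*[!0-9]*|0*) echo "DAYS must be a positive integer" >&2; return 2 ;; esac
    # -type d (without -L) never matches a symlink, so a link placed in BASE
    # cannot redirect the later rm -rf to some other directory.
    find "$base" -mindepth 1 -maxdepth 1 -type d -mtime +"$((days - 1))" |
    while IFS= read -r dir; do
        name=${dir##*/}
        case $name in .*|*[!A-Za-z0-9._-]*) continue ;; esac  # hidden or odd names
        if is_protected "$name"; then continue; fi
        if [ "$name" = "$current" ]; then continue; fi
        printf '%s\n' "$name"
    done | sort
}

# purge_stale_homes BASE DAYS CURRENT_USER [--delete]: dry run unless --delete.
purge_stale_homes() {
    stale_homes "$1" "$2" "$3" | while IFS= read -r name; do
        if [ "${4:-}" = "--delete" ]; then
            # Remove the local account record only when working on the real /Users.
            if [ "$1" = "/Users" ]; then dscl . delete "/Users/$name"; fi
            rm -rf -- "$1/$name" && echo "Removed: $1/$name"
        else
            echo "Would remove: $1/$name"
        fi
    done
}

# Dry run: sh purge.sh /Users 3 "$(ls -l /dev/console | awk '{print $3}')"
if [ "$#" -ge 3 ]; then purge_stale_homes "$@"; fi
```

Run it without `--delete` first and review the "Would remove" lines before letting a policy delete anything.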
Posted on 12-03-2016 01:18 PM
@jagress Just a quick question about your script: how do you define users you exclude?
Thanks!
Jared
Posted on 12-05-2016 10:26 PM
Hi @jagress ,
Here is my script. I am only excluding one user. There are other tricks you can do to exclude multiple users or users in specific groups, but I don't need to do that. YMMV.
#!/bin/bash
# Local admin account whose home folder is left alone
localAdmin="myLocalAdminUserName"
# Parameter 3 is the username passed to the script by the policy
usrTarget="${3}"
# Function to remove a folder; returns 1 if the removal fails
rmvFolder () {
    local dirTarget="${1}"
    if [ -d "${dirTarget}" ]; then
        # Test rm's exit status directly; the original [ $?==0 ] was always true
        if rm -fR "${dirTarget}"; then
            echo "Removed folder: '${dirTarget}'"
        else
            echo "Failed to remove folder: '${dirTarget}'"
            return 1
        fi
    fi
    return 0
}
# Quote the variable so an empty username is detected instead of breaking the test
if [ -z "${usrTarget}" ]; then
    echo "No username available!"
    exit 1
fi
if [ "${usrTarget}" == "${localAdmin}" ]; then
    echo "Nothing to do!"
    exit 0
fi
if [ -d "/Users/${usrTarget}" ]; then
    rmvFolder "/Users/${usrTarget}/Documents"
    rmvFolder "/Users/${usrTarget}/Downloads"
    rmvFolder "/Users/${usrTarget}/Desktop"
    rmvFolder "/Users/${usrTarget}/Music"
    rmvFolder "/Users/${usrTarget}/Movies"
    rmvFolder "/Users/${usrTarget}/Pictures"
    rmvFolder "/Users/${usrTarget}/Applications"
    # rmvFolder "/Users/${usrTarget}/"
else
    echo "Home folder ${usrTarget} does not exist!"
    exit 1
fi
exit 0
Posted on 12-05-2016 10:30 PM
Oh, I forgot to mention, I am leaving ~/Library so the dock and other preferences like default browser remain intact. It also greatly reduces login time, especially on our older machines.
Posted on 07-19-2019 05:02 PM
@listec quick question: How did you get macOS to rebuild the folders that you removed from the user's directory?