+4Running some labs of 10.6 Macs bound to AD with external accounts activated. Users can choose to create their home folders on the boot volume or some form of external media. The boot volumes in all cases are "/Volumes/Macintosh HD".
Anyone have a script that can help remove the boot-volume accounts at logout? I have an old script that works on 10.5 (haven't tested on 10.6) but I would like something maybe a little more, um, professional?
+17We use MCX and set "cachedaccounts.expiry.delete.disusedSeconds" to zero which deletes the mobile accounts on logout
+6We also use MCX and the cachedaccounts.expiry.
FYI- There is a bit of a bug with that and Snow Leopard, though where accounts that login exactly one time may not delete. (http://support.apple.com/kb/TS3736) I haven't tried with Lion yet to see if this issue was resolved.
+4We are seeing the Snow Leopard/CachedAccounts.Expiry issue in my labs. I'll test again once we move to either Lion/Mt. Lion but for now will pursue a scripted solution.
I've had way too many boot volumes reach capacity with the SL bug.
Thanks all.
+13adapt the logout/cleanup hooks from NHR: http://www.macupdate.com/app/mac/25425/network-home-redirector.
i used that awhile back for a similar purpose where a client wanted all lab machines' local homers purged on each logout/boot.
+12haven't used this method in a while, but at a client we had homefolders being redirected to /tmp. Didn't remove on logout, but did on reboot...
+12Hello, I'm looking for a way to scope cachedaccounts.expiry.delete.disusedSeconds to a specific user. Is there a way to do that through Casper MCX profiles?
+8We remove cached accounts with a script that runs via policy once per day. This is working really well for us on 10.5, 10.6, and 10.7. The same script also removes the com.apple.sharepoint groups that are created for each user and the MCX directory. We found that doing this increases login speed.
#!/bin/sh
# Define current user
current_user=`ls -l /dev/console | awk '{print $3}'`
# Loop through users with homes in /Users; exclude any accounts you don't want removed (i.e. local admin and current user if policy runs while someone is logged in)
for username in `ls /Users | grep -v admin | grep -v $current_user`
do
echo "Removing user: $username"
dscl . delete /Users/$username
rm -rf /Users/$username
done
# Remove all sharepoint groups to speed up login.
for group in `dscl . list /Groups | grep "com.apple.sharepoint"`
do
echo "Deleting group: $group"
dscl . delete /Groups/$group
done
# Remove MCX files
rm -rf "/Library/Managed Preferences"Regarding deleting accounts on logout, has anyone else noticed using MCX and setting "cachedaccounts.expiry.delete.disusedSeconds" to zero no longer seems to be deleting mobile accounts in 10.7 (I tested in 10.7.3 and 10.7.4).
Apple originally said this was a big in 10.7.3 and fixed in 10.7.4 but still not working for me.
+5@CasperSally
Where do you set "cachedaccounts.expiry.delete.disusedSeconds"?
Do you go to "Mobile Account..." then choose Custom?
I have looked through everything I can find on MCX, but to no avail.
Thanks in advance!
+17@listec we stopped using MCX few years back. There's a profile setting for this that i've had mixed luck with (some OS's it works fine, then the next OS it wouldn't work). I use a script now to delete home directories. There's posts on this message board about the script, but ever since jamf moved to jamf.com i can never find what I want to find :(
+17@listec it looks like this config profile works on at least 10.11.5 machines. you'd only need the mobility section, the other settings are for other things we manage.
+5Ya, I had mixed results too, so I wrote a script myself. The Mobility setting above doesn't work for home folders which were forcibly created without a mobile account.
Also, I decided it was better to leave each home folder and just remove the Desktop, Documents, and Downloads folders to retain settings and speed up login times a bit.
I then created a policy and script to completely remove home folders which haven't been used in X days.
Thanks!
+14@jagress Just a quick question about your script, how do you define users you exclude.
Thanks!
Jared
+5Hi @jagress ,
Here is my script. I am only excluding one user. There are other tricks you can do to exclude multiple users or users in specific groups, but I don't need to do that. YMMV.
#!/bin/bash
localAdmin="myLocalAdminUserName"
usrTarget="${3}"
#function to remove folder
rmvFolder () {
dirTarget="${1}"
if [ -d "${dirTarget}" ]; then
rm -fR "${dirTarget}"
if [ $?==0 ]; then
echo "Removed folder: '${dirTarget}'"
else
echo "Failed to remove folder: '${dirTarget}'"
return 1
fi
fi
return 0
}
if [ ${usrTarget} == "" ]; then
echo "No username available!"
exit 1
fi
if [ ${usrTarget} == ${localAdmin} ]; then
echo "Nothing to do!"
exit 0
fi
if [ -d /Users/${3} ]; then
rmvFolder "/Users/${usrTarget}/Documents"
rmvFolder "/Users/${usrTarget}/Downloads"
rmvFolder "/Users/${usrTarget}/Desktop"
rmvFolder "/Users/${usrTarget}/Music"
rmvFolder "/Users/${usrTarget}/Movies"
rmvFolder "/Users/${usrTarget}/Pictures"
rmvFolder "/Users/${usrTarget}/Applications"
# rmvFolder "/Users/${usrTarget}/"
else
echo "Home folder ${usrTarget} does not exist!"
exit 1
fi
exit 0Oh, I forgot to mention, I am leaving ~/Library so the dock and other preferences like default browser remain intact. It also greatly reduces login time, especially on our older machines.
+7@listec quick quest: How did you get MacOS to rebuild the folders that you removed from the user's directory?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.