Heads up for 10.7.2

tkimpton
Valued Contributor II

Hi guys

Just to let you know there is a serious bug with network home directories; it doesn't matter if you're using Open Directory or AD.

Ever since Apple brought out 10.7.2 and changed LDAP, the whole share mounts and your user will see everyone's home share! Apple have designed shares to mount the whole share point and have overlooked this problem.

With home paths set in AD in my environment the user's share would be \\server\personal$\user

Problem is personal$ is mounted, and because users don't have permission to other users' home folders (set via NTFS permissions), when the user tries to open personal$ they get permission errors.

There is also a serious bug with Kerberos and ADmitMac 6.0.1. Logging in gives a user a 5 minute ticket only! Not sure if Apple's AD plugin is OK but thought you guys should know.

A workaround is to open the Ticket Viewer app found in /System/CoreServices/ and you can renew your ticket.

I create a symbolic link as part of my FirstRun script

#!/bin/bash

# create a symbolic link for the Ticket Viewer to Utilities
# (both paths contain a space, so they must be quoted or the shell
# splits each into two arguments and ln fails)

ln -sf "/System/Library/CoreServices/Ticket Viewer.app" "/Applications/Utilities/Ticket Viewer.app"

I also do this for Directory Utility, the Apple Updater app, etc.

Thursby have a development build to fix it which reportedly gives a correct 10 hour ticket.
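As an added example (not part of the original post or of any Thursby or Apple code), here is a reusable version of the symlink step from a FirstRun script. It generalises the one-liner above to the list of CoreServices apps the post mentions, quotes every path so names with spaces survive, skips apps that do not exist on the running OS build, and refuses to replace a real directory at the destination so a genuine app is never clobbered. The list in CORE_APPS and the two-argument `link_app` / `link_core_services_apps` helpers are my own naming, not anything from the post.

```bash
#!/bin/bash
# Added example, not from the original post: expose system apps that Apple
# keeps out of /Applications/Utilities (Ticket Viewer, Directory Utility)
# by symlinking them, the way a FirstRun script would.

# link_app SRC_APP DEST_DIR
# Creates DEST_DIR/<basename of SRC_APP> -> SRC_APP.
# Return codes: 0 linked, 1 source missing, 2 destination is a real
# directory (left untouched), 3 destination dir could not be created.
link_app() {
    local src="$1"
    local dest_dir="$2"
    local name dest
    name=$(basename "$src")
    dest="$dest_dir/$name"

    if [ ! -d "$src" ]; then
        echo "skip: $src not found on this build" >&2
        return 1
    fi
    # A real app bundle at the destination must never be replaced by a link.
    if [ -e "$dest" ] && [ ! -L "$dest" ]; then
        echo "skip: $dest exists and is not a symlink" >&2
        return 2
    fi
    mkdir -p "$dest_dir" || return 3
    # -s symbolic, -f replace an existing link, -n (BSD -h) do not follow an
    # existing link to a directory, otherwise ln would create the new link
    # inside the linked-to app bundle instead of replacing the link.
    ln -sfn "$src" "$dest"
}

# Apps to expose; one name per line because the names contain spaces.
# (Constructed list for this example, based on the apps named in the post.)
CORE_APPS="Ticket Viewer.app
Directory Utility.app"

# link_core_services_apps DEST_DIR [SRC_DIR]
# Links every app in CORE_APPS from SRC_DIR (default: the real CoreServices
# folder) into DEST_DIR. Returns the number of apps that could not be linked,
# so a FirstRun script can log a non-zero result without aborting.
link_core_services_apps() {
    local dest_dir="$1"
    local src_dir="${2:-/System/Library/CoreServices}"
    local failures=0
    local old_ifs="$IFS"
    local app
    IFS='
'
    for app in $CORE_APPS; do
        link_app "$src_dir/$app" "$dest_dir" || failures=$((failures + 1))
    done
    IFS="$old_ifs"
    return "$failures"
}

# Stand-alone use on a Mac, as the FirstRun script would call it:
#   link_core_services_apps /Applications/Utilities
```

Passing an explicit source directory as the second argument lets the same function be exercised against a scratch directory before it is rolled into a deployment script.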


bentoms
Release Candidate Programs Tester

For folder shares see: http://support.apple.com/kb/HT4829

Regards,

Ben.

tkimpton
Valued Contributor II

Complicated... NetApp filer, Apple screw-ups get worse all the time, WGM to implement MCX without modifying the schema or setting up a golden triangle with an OD, GPO ADM templates controlling removable media (a must for banking clients), plus many, many more reasons. Sorry, been a long day.

tkimpton
Valued Contributor II

Thanks Ben, that's it. Again, massive problem for network home directories :( Apple are getting worse with no proper UAT.

They are getting too big-headed and get people like us to test this stuff and report it for free. Sad thing is we do it!

jwojda
Valued Contributor II

Oh, was just curious, we're moving away from Thursby. DFS was the last bastion they had here.

John Wojda
Lead System Engineer, DEI & Mobility
3333 Beverly Rd.  B2-338B
Hoffman Estates, IL 60179
Phone:  (847)286-7855
Page:  (224)532.3447
Team Lead DEI: Matt Beiriger
Team Lead Mobility: Chris Sta Ana
                   Mac Tip/Tricks/Self Service & Support

“Any time you choose to be inflexible in your approach to an unpredictable project you are already building failure into your plan”

bentoms
Release Candidate Programs Tester

Tbh, it all depends on what you consider "best practice". We used both profile folder methods here, with \\profiles\username$ being seen as better than \\profiles$\user.

Anyways, do you need to mount the profiles at login as they hold the users' profiles, or just a personal share?

Regards,

Ben.

tkimpton
Valued Contributor II

The most important for me is the removable media control GPO.

I can put myself in an AD security group, say DenyRemovableMedia.

When I do this I cannot mount any removable media.

I have a launch daemon running a script every hour to do a Thursby GP update. This is useful as I can add a user to AllowRemovableMedia or ReadOnlyRemovableMedia and know that later in the day I can add the user back to the deny group and it's secure.

Also I don't have the golden triangle with Open Directory, and it's only me looking after the Macs; my colleagues have no interest or willingness to learn :(

Sorry, got to go now, it's 10pm here and my wife is getting quite sh*tty with me again for working all the time.

nkalister
Valued Contributor

There's also a mount network share script in the resource kit that can be used to mount home directories. I just tell the AD plugin not to map the drive and then use the script from the resource kit instead as a login policy. Works great on Lion for me: mounts the user's actual share, and grabs the path from AD.

nick
-- Nick Kalister
Desktop Engineering

Hitachi Data Systems
Office: 408.970.4316

750 Central Expressway
Building 32 : M/S 3240
Santa Clara, CA 95050

bentoms
Release Candidate Programs Tester

I spoke to Tim off list.

I use: http://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/

Works for me :)

Regards,

Ben.

tkimpton
Valued Contributor II

Doesn't work for me. I think it is because I am using ADmitMac and not the built-in AD plugin.

Tim Kimpton
Systems Engineer
E: Tim.Kimpton at rufusleonard.com
D: +44 (0)20 7956 3014
W: http://www.rufusleonard.com
F: facebook.com/rufusleonarduk
T: twitter.com/rufusleonard

Rufus Leonard limited is a company registered in England and Wales with
company number 3348509. Vat number: 691308528


nkalister
Valued Contributor

That looks interesting, Ben. The ability to kick off the mappings at the user's request is something I've been thinking of offering. Thanks for the link!
nick
-- Nick Kalister
Desktop Engineering

Hitachi Data Systems
Office: 408.970.4316

750 Central Expressway
Building 32 : M/S 3240
Santa Clara, CA 95050

talkingmoose
Moderator

FYI, you can prevent access to external drives using Managed Preferences in the JSS as well as deny access to burn optical media. Optionally, you can allow admins access to these items or deny access completely.

On 11/10/11 3:54 PM, "Tim Kimpton" <tim.kimpton at rufusleonard.com> wrote:

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Not applicable

Is there a way to set removable media to read only? I see in the removable media access MCX preference description that you can set it to eject and alert. Just curious to see if you can set permissions to read only.

Michael Barrett
Audio/Visual Specialist
Technology – Infrastructure & Services
19001 Crescent Springs Drive | Kingwood, TX 77339
Office: 281-312-3594 | Cell: 713-409-6320
