How to modify User Template for AD users?

misterfriendly
New Contributor

I've successfully set up an imaging workflow (10.8.5) for my Macs which includes a modified User Template. I set up a user account with the desired settings and packaged up ~/Library for installation (minus the Caches & other cruft), along with a pre-install script to delete the existing User Template and a post-install script to fix permissions on the new one.

When I create a new local user on the re-imaged Mac, the user template works great. But when I try to log in with a network account (AD 2008R2) I still get the Apple factory default user environment. I can trash the test account's home directory off the server and I can see it being rebuilt at next login -- where the heck is that stuff coming from if not the User Template?

I also tried building "user environment" packages in Composer to do the same thing = same result. Checking FEU and/or FUT didn't make a difference either.

It seems that Casper gives you a bunch of different tools for this, but none of them seem to work! Does anyone have a method that really works?

Do I have to use MCX? I sure hope not …

7 REPLIES

bentoms
Release Candidate Programs Tester

@misterfriendly.. AD mobile accounts?

I've never directly modified the user template, always FEU/FUT + MCX &/or Config Profiles & it works.

SeanA
Contributor III

OK, updating my post as I did not read bentoms' advice. :-)

When you log in with the network account, in its AD configuration, is the computer configured to "create mobile account at login"? If so, it will be caching an account to the machine and it should work.

(As you probably know, this option is located at --> Open System Preferences > Users & Groups > Login Options > Network Account Server: Join (or Edit) > Open Directory Utility… > Active Directory > User Experience tab).

misterfriendly
New Contributor

Thanks -- I don't have these computers set up to create mobile accounts, or to force local homes. I always thought it was cleaner to leave those unchecked (if I don't actually need the accounts to be mobile). I can try setting "create mobile account" true and see if that does the trick.

misterfriendly
New Contributor

I went into Directory Utility and set mobile account = true. Now when I log in as a network user, the user environment is created according to the user template, so that's good.

However, with mobile accounts, only ~/Library is stored on the server; the rest of the home directory ends up in /Users on the local hard drive, just as it would for a local account. (When mobile accounts are enabled, "force local home" is stuck in the 'on' position). This is not a good setup for a lab environment, plus I don't want to store user data on local drives.

So, back to square one I guess.

GSquared
New Contributor II

I'm also trying to do this and when I install a DMG package that is set to FEU/FUT it works for the local accounts on the machine, but the AD mobile accounts get nothing. I see that you note ~/Library is stored on the server for your mobile accounts. Is that truly the case? It seems to definitely be on the machine for ours (?) and is where the files we need to have filled are located.

Tested with local account and it picked it up next login. Tried with a mobile account and the files never exist no matter how many times I try to use the DMG.

calumhunter
Valued Contributor

I think there are multiple user template folders, Non Localized and en.lproj; not sure if you need to have the items in both or not.

Personally I'd probably rather set up the preferences for the users on first login via a first-time login script; that way, if we need to change settings, we can simply change the script rather than have to blast new settings files out to existing machines.

GabeShack
Valued Contributor III

Is this where

```
/usr/bin/defaults write /Library/Preferences/com.jamfsoftware.jamf append_users_not_in_dcsl -bool true
```

would fix this?

Gabe Shackney
Princeton Public Schools
