Isolating user wifi and preparing device for next user

New Contributor III

We have a 1:1 laptop program and have been wondering about 2 things:

  1. How to force users to install apps ONLY to their personal applications directory
  2. How to force all new wifi credentials in the keychain to be associated with the user's login keychain and not the system keychain

At the moment, user apps get installed to the main Applications folder and wifi gets saved to the system keychain.

We are interested in this because we want to merely delete a user and their folder to make the device available for the next person who will use it, without having to wipe the machine.

Our users are standard and admin users.

Has anyone encountered these settings and might know where to modify this behavior? Other thoughts?