- Jamf Nation Community
- Products
- Jamf Pro
- User home directory on third Volume
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
User home directory on third Volume
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-28-2008 02:43 PM
We are running with 3 partitions on hard drive
Restore hidden to user
MacOS- all applications
Data -User Home directory and scratch
Two weeks ago user changed names of two drives they can see. On restart it
created a new empty user home directory on the MacOS partition for the user.
We just reimaged.
Today again another user-changed names of drives they can see and on restart
the computer would not restart. Then I got second call it did start up as
user BUT the users items were gone. By the time I got to computer one of
techs had reimaged. On questioning tech when they booted with restore drive
and changed names back system would not come up right. And just backed up
user files and reimaged whole drive.
It has been very helpful when we need to reimage MacOS drive and not have to
worry about users home directory. But now I am not so sure if a name change
will cause such trouble.
Anyone have best practice for this.
Anyone going to WWDC?
Ricky
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-28-2008 03:28 PM
I'll be at WWDC.
My first, best recommendation is to not give admin privileges to your clients.
Some people think that having admin privileges is "corporate/organizational culture". You may find yourself directed to give admin rights to all or some of your clients. If you find yourself in this position, I would advise you to find the appropriate time, place and person to discuss the issue with, and explain what havoc can be wrought by an admin. Remember that any admin has or can get root and root is omnipotent. Having unknown, unskilled, and potentially untrustworthy people with unlimited access to your systems is bad. If you're in a publically traded company, users having having admin rights may be illegal.
An ignorant or malicious admin can undo any management system or process you enact.
They could render a computer inoperable, thus costing your organization their own downtime, as well as the time you need to take to fix the problem.
Sorry if this got off on a bit of a tangent, but there are countless good reasons not to give out admin rights, and very few good reasons to give them.
-----
Miles Leacy
ACTC|ACSA|ACT|CCA
Senior Mac Technologist
Polo Ralph Lauren
212.318.7603
miles.leacy at poloralphlauren.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-28-2008 04:13 PM
I'll be at WWDC. I'm sure we can meet at the CUG on Tuesday night. It's quite amazing to see how different people's environments really are.
We don't save any user home directories, at least in our labs and classrooms. They get wiped each night so they get updated user profiles if we re-imaged or pushed out new software that has anything for Fill User Templates to pick up. All of their "STUFF" is saved on a network share so it's backed up.
Craig Ernst
Systems Management and Configuration
+-------------------+
University of Wisconsin-Eau Claire
Learning and Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
+-------------------+
ernstcs at uwec.edu
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-28-2008 11:50 PM
I will not be at WWDC this year, we're on an 'every-other-year' rotation here.
While a bit OT for this list, I'd be interested to hear how other educational institutions (especially K-12) handle local computer rights for staff. We lock down student computers pretty tight, but there is a lot of push to give staff admin rights on their computers to be able to try out new software/services. We have different setups right now across our environment from very locked down to being very open with admin rights. What are others doing? Let users have admin rights and then just re-image when they get in trouble, or have them just be 'standard' users, or do you hav ethem as managed users?
Thanks,
John
--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2008 06:41 AM
John,
I have two images for my macbooks. 1 teacher and 1 student image. The teacher image is very lightly managed. Their network accounts are not admin level, however we do have local admin accounts on the machine that the teachers can use to install and test software.
The student machines are locked down locally, and by group policy and have no rights to install or update software. The local admin account on the student machine is hidden, and of course it is very different than the teacher accounts.
I have already used casper to change passwords and it has worked great, so we do some slight password rotations.
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351
