Chapter 8 Managing Portable Computers 135
All mobile accounts on Mac OS X v10.5 or later (including external accounts) can use
FileVault to encrypt the contents of the local home folder. For more information, see
“Enabling FileVault for Mobile Accounts” on page 205.
For information about creating external accounts, see “Creating External Accounts” on
page 208.
Logging In to External Accounts
If a user has a local home folder on an external drive and he or she connects it to a
computer that allows the external account, logging in to an external account is like
logging into a mobile account.
If there isn’t a local home folder on the external drive, or the external account isn’t
allowed, the user must take a few additional steps before he or she can log in with the
external account. If the user has a local home folder on the computer, the user can’t
create a local home folder on an external drive.
If the user doesn’t have a local home folder on an external drive, the location setting in
mobile account creation options might give the user the choice of where to store the
local home folder:
 If you set the location to “user chooses,” a window appears allowing the user to
choose where to store the local home folder. You can limit the choices to store on
the computer or on an external drive, or you can choose both. If the user chooses an
external drive, a local home folder is created on the external drive.
 If you set the location to “at path” and enter the path to the external drive, the user
doesn’t choose a location.
For more information about setting up mobile account creation options, see “Creating
External Accounts” on page 208.
After a local home folder is created on the external drive, if the computer is connected
to the directory server that holds the mobile account, the user is allowed to log in. If it’s
not connected to the directory server, Mac OS X checks to see if the external account is
allowed or denied access to the computer.
If an external account isn’t permanently allowed or denied access to a computer, a
dialog appears asking if the external account should be allowed or denied access to
the computer. To allow access, the user must authenticate as the local computer
administrator.
If the external account is allowed access, the user logs in. If the user is denied access,
the user is returned to the login window.
The local administrator can permanently allow or deny access to the computer. If a user
is permanently denied access, he or she can hold down the Option key while logging
in to redisplay the dialog.