Filter
Top Products
38 Chapter 2 Getting Started with User Management
A user’s network home folder doesn’t need to be stored on the same server as the
directory containing the user’s account. In fact, distributing directory domains and
home folders across multiple servers can help balance your network load. This scenario
is described in “Distributing Home Folders Across Multiple Servers” on page 115.
You may want to store home folders for users with last names beginning with A
through F on one computer, G through J on another, and so on. Or, you may want to
store home folders on a Mac OS X Server computer but store user and group accounts
on an LDAP or Active Directory server.
Before creating users, pick a distribution strategy. If your distribution strategy fails while
using it, you can move home folders, but doing so can require changing a large
number of user records.
When determining the access protocol to use for home folders, AFP offers the greatest
level of security. If you are hosting home folders on UNIX servers that do not support
AFP, you may want to use NFS. If you are hosting home folders on Windows servers,
you may want to use SMB.
For more information about how to use these protocols for home folders, see “About
Home Folders” on page 113.
Identifying Groups
Identify users with similar requirements and consider assigning them to groups.
See Chapter 5, “Setting Up Group Accounts.”
Determining Administrator Requirements
With Mac OS X v10.5, you don’t need to give full domain administrator privileges to all
users who need only some administrative control. Instead, you can give them limited
administrative privileges.
Decide which users will have full administrative control over accounts and which users
will perform only a few administrative duties.
The domain administrator has the greatest amount of control over other user accounts
and privileges. The domain administrator can create user accounts, group accounts,
computer accounts, and computer groups, and can assign settings, privileges, and
managed preferences for them. He or she can also create other server administrator
accounts, or give specific users (for example, teachers or technical staff) administrator
privileges in certain directory domains.
Limited administrators can perform common administrative tasks for specified users
and groups. They can manage user preferences, edit managed preferences, edit user
information, and edit group membership. Giving users limited administrative privileges
helps them to be more self-sufficient, without putting your organization at risk.