Not all settings make sense in all cases (for example, application access does not make
sense in the Once setting, because Once is essentially the same as Always). Mac OS X v10.4
also introduced the notion of Often. This persistent setting allows the user to change the
preferences but resets them the next time the computer boots or a user logs in.
NOTE
씰
The Often option is only available via the Preference Manifest screen. This is
available by selecting Details on the main preference screen.
Managing User, Group, and Computer Preferences
You might want to manage preferences at the user level only for specific individuals, such
as directory domain administrators, teachers, or technical staff. You should also consider
which preferences you want to leave under user control. For example, if you aren’t con-
cerned about where a user places the Dock, you might want to set Dock Display manage-
ment to Never.
Managing User, Group, and Computer Preferences 453
Follow these steps to manage user, group, computer, and computer group account prefer-
ences with Workgroup Manager:
1 Click Preferences.
2 Click the globe icon below the toolbar and open the directory domain where you
want to store the new account.
3 If necessary, click the lock and enter your user name and password.
4 Select the user, group, computer, or computer groups you want to manage.
5 Click the icon for the preference you want to manage.
6 In each pane for that preference, select a management setting (Never, Once, or
Always), then select preference settings or fill in the information you want to use.
7 Click Apply Now.
A more efficient way to manage user preferences is to do it at the workgroup level.
Workgroup preferences are shared among all users in the group. Setting some prefer-
ences only for groups instead of for individual users can save time, especially when you
have large numbers of managed users. In some cases, it may be more efficient to man-
age preferences for computers instead of for users or groups. These options are all part
of proper planning when preparing to manage accounts.
Managed Preference Precedence—Inherit
If you manage the same preference for user, group, computer, and computer group accounts,
which preference setting takes precedence? This can be a complicated question, because in
some cases the preferences override each other, while in others they are combined.
To simplify preference management, you might decide to manage certain preferences
at only one level. For example, you could set Login preferences only for workgroups, set
454 Managing Accounts
Dock preferences only for computers, set Finder preferences only for computer groups,
and Application preferences only for users. In such a case, if a user logs in at a managed
computer with a managed user account that is a member of a workgroup, the user will
inherit each of the managed preferences from each of the managed accounts.
Managed Preference Precedence—Override
In cases where you have set managed preferences at more than one level, and the prefer-
ence setting can only have one value, the override rule applies: Managed user preferences
override managed computer preferences, which override managed computer group pref-
erences, which in turn override workgroup preferences. For example, if you are managing
Dock preferences and decide to set the Dock position to the right for the workgroup the
user belongs to, to the left for the computer the user is logging in at, and at the bottom
for the computer group that computer belongs to, what does the user get when using one
of the managed computers? Because computer preferences override computer group and
workgroup preferences, the user will see the Dock on the left.
Managing User, Group, and Computer Preferences 455
In general, it’s most efficient to manage preferences at the group level. Then
you can use the override rule to grant additional privileges to specific users, or to set
specific preferences on certain computers.
Managed Preference Precedence—Combine
If a preference can have more than one value, and you set different values for it at the user,
computer, computer group, and workgroup levels, Workgroup Manager combines these
values. For example, suppose you configure managed Application preferences to allow a
workgroup to launch the Address Book application, the user to launch Safari, the computer
the user is logging in at to launch Preview, and the computer group that contains that com-
puter to launch Chess. When the user logs in, he or she will be able to launch all four of the
applications because the rules are combined.
456 Managing Accounts
Get Apple Training Series Mac OS X Server Essentials, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
