Login/Logout Hooks for a shared user account with Active Directory.

[Bushido]

Greetings,

We are a former MacAdministrator school (their lack of support for 10.6 being the primary reason). In it's place, we're planning on using Mac OSX Server and ARD to manage clients, authenticating through Active Directory. We'd like to emulate how MacAdmin functions for a few features. One is the static home folder for all users. We've been successful setting that up so that a new user is presented with a fully customized starting environment, dock layout and first application runs already in place. We used this walkthrough to achieve these results. "Michael's Mac - Create a Custom Environment for Leopard's New Guest User"
We have run into some issues that we are close to solving but are hoping someone has run into and can help us resolve.

The login.keychain file need to be deleted on logout otherwise the next user gets a keychain error on login. (Continue to login, Change Keychain PW, and Use new Keychain are options on error window)

We think creating a logout hook to delete this and any other files we want replaced with defaults is possible, however we have not found out how to implement this yet.

We have seen scripts that destroy the user on logout however we would like some persistence of files so that if a user inadvertently forgets to backup files they would be able to get it off the local machine after a reasonable amount of time.
We have found the following resources on logout/login hooks but could use a bit more hand holding in creation and editing of these scripts.
At this point we don't know how to get the scripts into the machine so they run on logout as well as the exact wording of the scripts.
"System Startup Programming Topics: Customizing Login and Logout"
"Bombich.com: Mac OS X Management Custom Shell Script Library"
"Bombich.com: Implementing Login and Logout hooks for System Management"

Thanks!

Stephen Bailey
Media Services Coordinator,
School of the Museum of Fine Arts

[TomH]

Instead of scripts, why not just use mobile accounts that never sync (or if they do just sync preferences) and set a timeframe after which the local account is deleted.

This way every user gets a loal home folder, that is created from the default templates and deleted after a period of time, no need to worry about keychains etc.

Can all be done and managed through Workgroup Manager and is much simpler and efficient.

Tom