Mac Network Administration - Advice
I'm posting because I'm at a bit of a crossroads when it comes to a Mac network I'm looking after.
It's a small primary school consisting of around 35 iMacs (All running OS X Lion) and a Mac server (Lion Server) that is running Open Directory along with a pair of windows machines on a workgroup (yuck). We do have an old Windows server to use but it's pretty archaic an lockd on 2003 at the moment so I'm not sure it's even worth bothering.
As it stands, all of the Macs have been set up by another company and I'm aiming to kick them into shape by automating and regulating certain things as I would in a windows network (Perhaps my first mistake).
Currently users log on and all of their data is saved locally (yuck), everyone's bottom dock is different, they can place files on the desktop, etc. - All things I would have full control over from a central location if I was administrating from a Windows network (And all things I'd quickly change!).
So I've began making some changes in Workgroup Manager, and tried to change users to mount a network home drive (although I've seen a couple of 'This home drive is not in the normal place' error messages); removed certain items from the dock; rolled out proxy settings to all machines. I also had a play with profile manager but this seems like it's basically for iOS devices. However, at the end of it all I'm still left with a yearning for a more in-depth kind of Group Policy system and I want to get your opinion on what's the best route to go down before I configure something or purchase something that's not worthwhile.
- I've taken a look at the Casper suite and I heard that can basically act as a replacement for Group Policy (or an equivelant) but it's too expensive.
- Next I considered ARD. ARD looks very handy for remote tasks as I'm not based at the site and even then, it's easier to do things remotely then do things a hundred times over per machine.
- I also considered StarDeploy as a means to deploy software (Again, as I would use in a GP environment) but the set up has to be done per-machine and in this time, it seems like I might as well re-image the lot and get more issues out of the way with.
- I then read that a lot of Mac administrators achieve what I want by using DeployStudio to just reimage the machines for any major changes - and it looks like I'll have to do this anyway - but this doesn't really help for small changes like automatically mapping a new printer or changing a wallpaper.
My final conclusion was that I have to make the most of OS X's speedy imaging and the underlying Unix commands (I know how powerful and terrifying bash is), so I'm left thinking that I should create my standard image with all software, updates, etc. and add a login script hook that then pulls off networked login scripts to help me achieve any minor tweaks that can be done on login but also reimage the machines with DeployStudio if I need to administer a large upgrade or install big pieces of software?
Any input is greatly appreciated!