Part 3 of my 4 part series on Workgroup Manager. We’ve already covered an Introduction to Workgroup Manager, covered the Step by Step Instructions for common tasks. Now we are going to take a look at some best practices that will ensure you maintain and reliable and useful directory system. Also, in case you missed it we also took a quick look at how to add an application to a users dock using WGM.
Workgroup Manager can be a complicated tool, and unfortunately there is potential to create conflicts and instability using this tool. Today, we are going to cover some recommended best practices and take a look at how they can you manage your Open Directory system. Have something to Add? Let me know in the comments.
Each account record within your directory system is assigned a unique numerical User ID that is used by your directory system to locate individual records. WGM by default simply adds one to the previous record to get the User ID for any new user. It also will not allow you create a duplicate User. But User IDs can be used to keep your directory organized. For Example on my network:
1000-1999 is used with Teachers, Administrators and IT Staff
2000-2999 is used with Kindergartners
3000-3999 is used with 1st Graders
4000-4999 is used with 2nd Graders
5000-5999 is used with 3rd Graders and so on.
By having a simple, unified system for user IDs I can now quickly and easily identify which group a particular user is a part of. This does not replace Workgroups, but it does allow me to know which workgroup I may need to edit or troubleshoot without having to navigate to the Groups pane. Finally, this helps find a quick test account when one is needed.
Along the same line as user ID, I have found it infinitely helpful to follow a standard naming convention for the computers in all my buildings. This can help during the troubleshooting process to identify a computer in Apple Remote Desktop, assign the right image, or even know which Computer Group to assign to. We use the following format:
For Notebooks that travel we use the users last name to identify the computer instead of the location.
KJHS-eMac-Lab01 (Kennedy Junior High School - eMac - Lab Computer 1)
JHS-MB-Davis (Johnston High School - MacBook - Davis)
Because of limits in bandwidth, my District operates 9 separate Directory Systems, one in each building. Although we are moving towards one unified system, I know many other K-12 districts operate in the same way. If you are operating in this type of environment it is important to apply the same unified standards or settings across all of your systems. Not doing so will add significant frustration to the troubleshooting process.
Now, in Educational IT I do recognize that individual schools have individual personalities, and often individual culture. At first glance, this could prove problematic to having a uniform system. However, you can maintain standards such as User ID assignment, group folders, and system preferences without interfering with this culture. Teachers at Clark School may want to use FireFox where teachers at Jones may want to use Safari. This does not interfere with standards such as Energy Saver preferences, file permissions, etc. while still allowing the school to choose their default browser. Complete Standardization is ideal, but not always realistic.
Manage Preferences in One Location
As we took a look at managing preferences in the previous articles, we mentioned the concept of Preference Priority. That User preferences override Workgroup preferences is an example. By definition, we in the IT world are always overworked and busy, and it can often be tempting to take the path of least resistance when assigning preferences. Not paying close attention to where preferences are assigned can and will lead to increased work when trying to troubleshoot what went wrong. It is important that you follow a uniform standard throughout your directory system and only manage preferences in one location.
A good example of this would be dock preferences. In a previous article we discussed a first grade class that had to use the Computer Graphics Lab instead of the regular computer lab for their class. Although the 1st Graders only had Type To Learn and Safari in their dock, the Computer Group had Photoshop in its Dock preferences. The result was confusion for the 1st graders when half of them accidentally clicked on Photoshop instead of Safari by mistake. Instead, you should have managed all dock preferences in workgroups. That way, no matter what computer the user logs in on, they are presented with the same dock.
As a general rule I use the following guidelines:
Hardware related preferences - Manage in the Computer Group
• Energy Saver
• Login Options
Software related preferences - Manage in the Workgroup
• Dock Layout
• Default Web Browser
• Application Permissions
Limited Exceptions Only - Manage by the User or Computer
Workgroup Manger can be a very complicated tool, for maintaining your Open Directory systems. However, by following these simple Best Practices you can help alleviate many problems, and provide a much simpler troubleshooting process.
By Eric Danley