Have the Mobile Sync thing tell the client to delete the Home folder on logout.
Select the user.
Click Account Expiry
Check Delete mobile account.
Type 0 in the "Days after users next login.
Ensure that "Delete only after successful sync" is checked.
You'll still have to go around to all your computers and delete the users home folder from the users folder.
If you have Remote Desktop you could send a terminal command to all the offending computers.
sudo rm -R /Users/**username-goes-here**
This rm command is extremely volatile.
ENSURE that you have the path to your users home folder correct BEFORE you use this command.
Thanks for the info. I had already changed the Mobility settings, so we are on the same page there. The Unix command would be super easy. The only problem I see would be that if I miss one computer, and the user logs into it and sync's back to the server, the material would be back in his account. Yuck.
What do you think about renaming his Home on the server from jsmith to jsmith1, then changing the path to the users home in WGM as well? That way the jsmith1 Home is being used as his home rather than the old jsmith Home.
I see issues with both, but see less with what you suggested.
How many computers are in your environment and do you have Remote Desktop? If you have ARD, just select all the computers and run the command gracoat posted. Again, though, just make sure the path and everything is accurate. Conversely, if you have a relatively small number of computers (I'd say 30-40 would be about the max sanity limit), just go through them manually (could probably put a script on a flash drive to speed things up a bit). Now, a lot of computers and no ARD, you may be stuck with the two options you listed.
Although, after typing all of that... If you have it remove the home folder on logout, even if he logged into an old one and synced back to the server from it, wouldn't it just delete it off that computer when he logged out? Sure, it would be back in his account, but it wouldn't continue to be spread around to other computers and would essentially self-sanitize itself from any computer he visits. Of course, depending on exactly what the content is and your policy regarding it, you may have to deal with his account again, but it would just be in the single location of his mobile account.
We have about 1,000 computers that he could of logged into. I have started the process of going through ARD and running the Unix script to remove the account. It actually turned out to be pretty slick with a Task Server. I sent the task, and it ran on all the computers that were on at the time. Since then computers have been checking and running the task. Last time I checked I still had 400 computers to go.
I think you are correct. Unfortunetly my users are High School and Junior High students and school is out in 6 weeks. I don't think that would be long enough for the self-sanization to run it's course.
Thanks for the input guys,