Currently Being ModeratedApr 30, 2012 3:44 PM (in response to Tim Fall)
Of course. This is (was) called mobile accounts. The concept is as you describe. The machine is bound to the server and the user logs in initial while on the LAN. This will create a local home folder but use server credentials. These credentials are then cached for offline use.
And also yes. You can limit domain access using the Accounts preference panel. Once bound, click on Login Options and you will see a new checkbox and button that will allow you to limit specific accounts to specific machines.
Currently Being ModeratedApr 30, 2012 3:57 PM (in response to Strontium90)
Thanks, thats exactly what I wanted to know. I may be able to figure this out when I use it, but is it possible to do the limiting in the profile setup so that it can be pushed out?
Currently Being ModeratedMay 1, 2012 7:28 AM (in response to Tim Fall)
Hmm. Limiting pushed out in a profile? Not that I know of. However, if you have ARD and you know a little defaults magic, this probably can be sent out as a remote command. I will admit, I've only used the limited user stuff in the lab as I've not found a business need to deploy in the field. Thus, I've never looked to automate.
Currently Being ModeratedMay 1, 2012 6:40 PM (in response to Strontium90)
Thats a good point. I've done this before. I'm trying to figure out a way to set individual settings (especially associateing Apple ID's and activating services) for users in a way that can pushed out. It would make it much easier to swap them out should anything go wrong.