Enable this group policy to configure mobile account creation.
- Create mobile account when user logs in to network account
Select this option to create a mobile account automatically when a user logs in.
If you don't enable the creation of mobile accounts, the user logs in using a network account. When you enable mobile accounts, a local home folder is created for the user at first login.
If client machine is joined to Auto Zone, please enable group policy "Enable Auto Zone user home directory" under
> Computer Configuration
> Policies
> Centrify Settings
> DirectControl Settings
> Adclient Settings
in order to create mobile user. Otherwise, no mobile account will be created on client machine and local home directory will be used instead.
- Create mobile account even if user does not have a network home directory
Create mobile account for AD user regardless a network home is available for the user. It mitigates the chance that blocking user login when the machine is not connected to AD network.
- Require confirmation before creating mobile account
If you want the user to decide whether to enable a mobile account at login, select this option.
If this option is selected, the user sees a confirmation when logging in. The user can click "Create Now" to create a local home folder and enable the mobile account, click "Don't Create" to log in as a network user without enabling the mobile account, or click "Cancel Login" to return to the login window.
- Show "Don't ask me again" checkbox
If you select this option, the dialog allows the user to prevent the display of the dialog on that computer. If the user selects "Don't ask me again" and then clicks "Don't Create", he or she isn't asked to create a mobile account on that computer. The user can hold down the Option key during login to redisplay the dialog.
- Create home using network home and default sync settings
To initially sync local and network homes so that the network home folder replaces the local home folder, select this option.
- Create home using local home template
To create the local home folder using the local home template, select this option.
If you sync the local and network homes folders, the default Mac OS X sync settings (those in the Accounts pane of System Preferences) are enabled. If you create the local home folder using the local home template, the default Mac OS X sync settings are disabled. In both cases, managed sync settings apply.
Once enabled, this group policy takes effect when users log out and back in.
=== Preventing the Creation of a Mobile Account ===
To prevent the creation of mobile accounts, you need to enable this policy and deselect "Create mobile account when user logs in to network account".
If you do not enable this policy and you allow the user to access the Accounts pane of System Preferences, network users can create their own mobile accounts.
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | MobileAccountCreation |
Value Type | REG_SZ |
Enabled Value | 1 |
Disabled Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | EnableSynchronization |
Value Type | REG_SZ |
Default Value | 0 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | MobileAcctWithoutHome |
Value Type | REG_SZ |
Default Value | 0 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | MacMCXSyncRequireConfirmation |
Value Type | REG_SZ |
Default Value | 1 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | cachedaccounts.WarnOnCreate.allowNever |
Value Type | REG_SZ |
Default Value | 1 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | com.apple.cachedaccounts.CreatePHDAtLogin |
Value Type | REG_SZ |
Value | 1 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\108 |
Value Name | com.apple.cachedaccounts.CreatePHDAtLogin |
Value Type | REG_SZ |
Value | 0 |