Configure mobile account creation

Enable this group policy to configure mobile account creation.


- Create mobile account when user logs in to network account

Select this option to create a mobile account automatically when a user logs in.

If you don't enable the creation of mobile accounts, the user logs in using a network account. When you enable mobile accounts, a local home folder is created for the user at first login.

If client machine is joined to Auto Zone, please enable group policy "Enable Auto Zone user home directory" under
> Computer Configuration
> Policies
> Centrify Settings
> DirectControl Settings
> Adclient Settings
in order to create mobile user. Otherwise, no mobile account will be created on client machine and local home directory will be used instead.

- Create mobile account even if user does not have a network home directory

Create mobile account for AD user regardless a network home is available for the user. It mitigates the chance that blocking user login when the machine is not connected to AD network.


- Require confirmation before creating mobile account

If you want the user to decide whether to enable a mobile account at login, select this option.

If this option is selected, the user sees a confirmation when logging in. The user can click "Create Now" to create a local home folder and enable the mobile account, click "Don't Create" to log in as a network user without enabling the mobile account, or click "Cancel Login" to return to the login window.


- Show "Don't ask me again" checkbox

If you select this option, the dialog allows the user to prevent the display of the dialog on that computer. If the user selects "Don't ask me again" and then clicks "Don't Create", he or she isn't asked to create a mobile account on that computer. The user can hold down the Option key during login to redisplay the dialog.


- Create home using network home and default sync settings

To initially sync local and network homes so that the network home folder replaces the local home folder, select this option.


- Create home using local home template

To create the local home folder using the local home template, select this option.


If you sync the local and network homes folders, the default Mac OS X sync settings (those in the Accounts pane of System Preferences) are enabled. If you create the local home folder using the local home template, the default Mac OS X sync settings are disabled. In both cases, managed sync settings apply.

Once enabled, this group policy takes effect when users log out and back in.

=== Preventing the Creation of a Mobile Account ===

To prevent the creation of mobile accounts, you need to enable this policy and deselect "Create mobile account when user logs in to network account".

If you do not enable this policy and you allow the user to access the Accounts pane of System Preferences, network users can create their own mobile accounts.

Supported on:

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
Value NameMobileAccountCreation
Value TypeREG_SZ
Enabled Value1
Disabled Value0

Create mobile account when user logs in to network account
Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
Value NameEnableSynchronization
Value TypeREG_SZ
Default Value0
True Value1
False Value0
Create mobile account even if user does not have a network home directory
Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
Value NameMobileAcctWithoutHome
Value TypeREG_SZ
Default Value0
True Value1
False Value0
Require confirmation before creating mobile account
Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
Value NameMacMCXSyncRequireConfirmation
Value TypeREG_SZ
Default Value1
True Value1
False Value0
Show "Don't ask me again" checkbox
Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
Value Namecachedaccounts.WarnOnCreate.allowNever
Value TypeREG_SZ
Default Value1
True Value1
False Value0
Create home using:


  1. network home and default sync settings
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
    Value Namecom.apple.cachedaccounts.CreatePHDAtLogin
    Value TypeREG_SZ
    Value1
  2. local home template
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107
    Value Namecom.apple.cachedaccounts.CreatePHDAtLogin
    Value TypeREG_SZ
    Value0


centrify_mac_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)