Enable this group policy to configure mobile account options, including FileVault settings and home folder location.
Mobile account options will only take effect when a new mobile user is being created during login. This policy will not affect an existing mobile user.
=== FileVault ===
You can use FileVault to encrypt the local home folders of mobile accounts. FileVault encrypts the user's local home folder using the Advanced Encryption Standard with 128-bit keys (AES-128). The home folder content is safe even if the user's computer is stolen or if an intruder attempts to use the computer while the user is not logged in.
The user's login password is used to decrypt and give the user access to his or her FileVault-protected account. If the user forgets the login password and a computer administrator has set a master password, the administrator can use the master password to unlock all local accounts.
You can choose whether to require master passwords when enabling FileVault protection for mobile accounts:
* If you don't require a master password and there is no master password, local computer administrators can't unlock the account.
* If you require a master password and there is no master password, the user can't enable a mobile account.
* If you select 'Require confirmation before creating mobile account' in the "Create mobile account when user logs in to network account" policy, the user can log in with a network account. Network accounts don't have local home folders, which prevents intruders from accessing home folder content.
If a mobile account is protected with FileVault, the user must be logged in to share files using File Sharing.
- Use master password, if available
If you select this option, the mobile account uses FileVault regardless of whether there is a master password already set.
- Require computer master password
If you select this option and there is no master password set, the user might be able to log in with a network account, depending on whether you selected 'Require confirmation before creating mobile account' in the "Create mobile account when user logs in to network account" policy.
- Restrict size
If you enable FileVault, you can restrict the size of the local home folder.
By restricting the size of the local home folder, you prevent the user's local home folder from using more space than is available in the user's network home folder. This ensures that the home folders can sync without requiring more space than is available in the network home folder.
=== Home folder location ===
You can select the location of a mobile account's local home folder, or you can let the user select the location. If you select the location, choose one of the following:
- on startup volume
The local home folder is located on the startup volume in /Users/. This is the default location where the local home folders of mobile accounts on computers with Mac OS X v10.4 and earlier are stored.
- at path specified below
The local home folder is located at the path you specify.
You can specify a different volume by entering /Volumes/DriveName/Folder/, where DriveName is the name of the volume, and Folder is the folder in the volume.
If you don't specify a volume, the location is on the startup volume.
- user chooses ...
When users with mobile accounts log in, a window appears that allows them to choose a location for the local home folder. After they choose a location, the window only appears when a mobile account is being created. You can choose which types of volumes the user is allowed to choose from:
* any volume - volumes on internal or external hard disks
* any internal volume - volumes on internal hard disks
* any external volume - volumes on external hard disks
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | MobileAccountOptions |
Value Type | REG_SZ |
Enabled Value | 1 |
Disabled Value | 0 |
--- FileVault ---
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | EnableFileVault |
Value Type | REG_SZ |
Default Value | 0 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | RequireMasterPassword |
Value Type | REG_SZ |
Value | 0 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | RequireMasterPassword |
Value Type | REG_SZ |
Value | 1 |
--- Size ---
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | RestrictSize |
Value Type | REG_SZ |
Default Value | 0 |
True Value | 1 |
False Value | 0 |
Registry Path | Value Name | Value Type | Value |
---|---|---|---|
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 | cachedaccounts.create.maxSize | REG_SZ | fixed |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.maxSize.fixedSize |
Value Type | REG_DWORD |
Default Value | 250 |
Min Value | 4 |
Max Value | 2147483647 |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location |
Value Type | REG_SZ |
Value | startup |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location |
Value Type | REG_SZ |
Value | path |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location |
Value Type | REG_SZ |
Value | userPicksVolume |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location |
Value Type | REG_SZ |
Value | userPicksInternalVolume |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location |
Value Type | REG_SZ |
Value | userPicksExternalVolume |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\Mobility\107 |
Value Name | cachedaccounts.create.location.path |
Value Type | REG_SZ |
Default Value |
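The value names, allowed values and size range listed above can be checked mechanically before a GPO is linked. The following is an added example, not Centrify's own tooling: it lints a constructed set of values for the inconsistencies this page describes. The dictionary input format, the function names and the "outside the startup volume without FileVault" check are assumptions of the example.

```python
SIZE_KEY = "cachedaccounts.create.maxSize.fixedSize"  # REG_DWORD, 4..2147483647
LOC_KEY = "cachedaccounts.create.location"
PATH_KEY = "cachedaccounts.create.location.path"
ALLOWED = {  # value names and legal REG_SZ values, as listed on this page
    "MobileAccountOptions": {"0", "1"},
    "EnableFileVault": {"0", "1"},
    "RequireMasterPassword": {"0", "1"},
    "RestrictSize": {"0", "1"},
    "cachedaccounts.create.maxSize": {"fixed"},
    LOC_KEY: {"startup", "path", "userPicksVolume",
              "userPicksInternalVolume", "userPicksExternalVolume"},
}

def target_volume(path):
    """/Volumes/DriveName/Folder/ names a volume; anything else is the startup volume."""
    parts = [p for p in path.split("/") if p]
    if len(parts) >= 2 and parts[0] == "Volumes":
        return parts[1]
    return "startup volume"

def lint(values):
    # 'values' maps value name -> data (hypothetical export format for this example)
    findings = [f"{name}: unexpected value {values[name]!r}"
                for name, allowed in ALLOWED.items()
                if name in values and values[name] not in allowed]
    filevault = values.get("EnableFileVault") == "1"
    if values.get("MobileAccountOptions") != "1":
        findings.append("MobileAccountOptions is not 1: policy is not enabled")
    if not filevault:
        findings.append("EnableFileVault is not 1: new local home folders are unencrypted")
    if values.get("RestrictSize") == "1":
        size = values.get(SIZE_KEY)
        if not filevault:
            findings.append("RestrictSize is set but applies only when FileVault is enabled")
        if type(size) is not int or not 4 <= size <= 2147483647:
            findings.append(f"{SIZE_KEY}: {size!r} is outside 4..2147483647")
    location, path = values.get(LOC_KEY), values.get(PATH_KEY, "")
    if location == "path" and not path.startswith("/"):
        findings.append(f"{PATH_KEY}: location is 'path' but no absolute path is set")
    off_startup = str(location).startswith("userPicks") or (
        location == "path" and target_volume(path) != "startup volume")
    if not filevault and off_startup:  # added check, not a rule stated on the page
        findings.append(f"{LOC_KEY}={location}: unencrypted home folder may land outside the startup volume")
    return findings

SAMPLE = {  # constructed values, not taken from a real GPO
    "MobileAccountOptions": "1", "EnableFileVault": "0", "RequireMasterPassword": "1",
    "RestrictSize": "1", SIZE_KEY: 2, LOC_KEY: "userPicksExternalVolume",
}
```

Calling `lint(SAMPLE)` returns one finding per inconsistency; an empty list means the values agree with the tables above.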