How to Configure Mobility Settings on Lion Server Notebook Clients
When a mobile account is enabled in Lion Server, the user can log out and log in again without being attached to the network where the account data resides. After returning to the network and reconnecting to the directory, the local cached authentication data is resynchronized, and any updates to the LDAP or password data are cached again on the local system.
Here’s an example of how to configure the mobility settings for a computer group. To set up the mobile account, do the following:
1. Open Workgroup Manager and connect to the shared directory.
2. In Workgroup Manager, click the Accounts icon in the toolbar and then click the Computer Groups tab above the list of accounts.
   The Computer Groups tab is the icon represented by two overlapping squares, the fourth tab following the Users tab, Groups tab, and Computers tab.
   If your planning leads you to manage individual user accounts, groups of users, or individual computers, select that account instead of the computer group in Workgroup Manager.
3. Click the Preferences icon in the toolbar.
   The right side of Workgroup Manager displays the icons for the various managed preferences.
   Note the small, dark gray circle enclosing a mouse pointer next to the Mobility icon. This indicates that the preferences are being managed for the selected account.
4. Click the Mobility icon.
5. Select the Account Creation tab and then click the Creation subtab.
6. By default, Manage is set to Never; select Always.
   Preferences can be managed never, once, or always in Workgroup Manager. These are called enforcement settings. Once isn’t an available option for some mobility settings.
7. Select the Create Mobile Account When User Logs in to Network Account check box.
   Selecting this option creates the mobile account on the local hard drive of a Mac OS X system.
8. (Optional) Deselect the Require Confirmation Before Creating Mobile Account check box to keep the user from having to confirm mobile account creation.
9. (Optional) Deselect the Show Don’t Ask Me Again check box to prevent the user from having to confirm again when she logs in to a managed computer.
10. (Optional) Choose how a new home folder is created by selecting Network Home and Default Sync Settings or Local Home Template.
   The first option uses a network volume and creates either a network home or a portable home, depending on the sync settings in the Rules tab. The second choice (Local Home Template) uses the default home folder settings on the local hard drive.
11. Click the Apply Now button to save the settings.
12. (Optional) Click the Options subtab under the Account Creation tab.
   Here, you have choices for creating a FileVault-encrypted home folder and deciding where the users’ home folders will be created. Click Always to manage these settings. Enable FileVault by selecting the Encrypt Contents with FileVault check box.
13. (Optional) If using FileVault, under the Options subtab, select either the Use Computer Master Password, If Available or the Require Computer Master Password check box.
   You select the second choice if you want to require and verify a valid master password on the local system.
   A master password is the critical fail-safe for encrypted FileVault home folders. It provides the ability to restore access to an encrypted account if the user forgets his password.
   The remaining choices under the Options subtab set where the home folder is stored. By default, On Startup Volume is selected.
   The other choices are At Path, with a field to enter the specific location in the file system where the home folder will be stored; and User Chooses, with a pop-up menu. The pop-up menu choices are Any Volume, Any Internal Volume, and Any External Volume. By choosing Any Volume or Any External Volume, the user can create an external account.
14. After making any changes, click the Apply Now button to save your settings.