Account Creation and home folders

Similar Messages

• Change account username and home folder issue

  Hello guys,
  Apple store re-installed Yosemite v10.10 on my MBA early 2014 (128gb, 4gb)
  I wanted to change the account username and the home folder name after installation however I think I did it the wrong way to start with
  Step1
  I went into System Preference > User Groups, unlocked padlock, ctrl+click on the admin account > advanced options and replaced account name and home folder name with new name (e.g. my computer). Both match.
  Relocked padlock, quit system preferences. Rebooted.
  Step2
  Then I realised that what I did, so I have did it all again after reading Change your OS X account name and home directory name - Apple Support
  Could you please tell me whether step1 and step2 might have corrupted the operating system (e.g. legacy preferences, etc, etc)? How can I check that?
  Thank you for your support.

  Eric, thank you.
  Actually Keychain access app has been malfuncitoning since Yosemite was installed and username and home folders were renamed.
  Sintomps
  the following services and apps keeps asking to use "Login" keychain
  - Messages
  - Calendar Agent
  - Safari
  - ScopedBookmarkAgent
  - accountds
  - com.apple.helper
  I always lock keychain. Keychain is sync with admin account password. Keychain verified and repaired. No problems found
  I have followed this tutorial with no good result
  OS X Mavericks v10.9.1: Repeated prompts to unlock "Local Items" keychain  PS: the alpha numeric folder in ~/Library/Keychains/ starts with letter b not letter A as suggested in the tutorial
  Resetting your keychain in Mac OS X
  OS X: Keychain Access asks for keychain "login" after changing login password
  What are you thoughts? Thank you for your support.

• Network accounts with local home folders

  First of all sorry for my bad english.
  I want to obtain network accounts with local home folders.
  I have found this post very interesting to solve my problem.
  http://discussions.apple.com/message.jspa?messageID=2140595#2140595
  Following this indications I have obtained it but I dont see the Public folder of any home folder from the network.
  How I can solve this? I must share the Public folders manually? How? I have proven with SharePoints 3.5.4 and I have not obtained it.
  Thanks
  iMac Intel Core Duo   Mac OS X (10.4.6)  

  Hi
  Clients should be bound to Open Directory and be using the OD Master for their DNS. Launch WorkGroup Manager and authenticate to the LDAP node. If you have only a few Users you can do it at that Level if hundreds do it at Group Level. Select Preferences > Mobility. It's fairly obvious thereafter.
  After the home folder has been created you can make that account a local administrator if you wish.
  This assumes the Server has been configured as Advanced. Please don't take this advice if you've used anything else.
  Tony

• Mobile Account Creation and old topic

  http://discussions.apple.com/thread.jspa?threadID=1786733&tstart=1 -- This was never successfully answered and has been archived and marked as so?
  The problem it turns out, is that Leopard doesn't seemingly like the AD user's home folder location. I've verified this still as an issue today, on 10.5.7. I tried to create a mobile account for a user on a new laptop i got -- it would prompt me for the password three times, saying it's incorrect each time before the account creation is canceled.
  If in Server 03 AD tools you first switch that user's "Home Directory" to local (or a mac server), this issue will not persist. On the AD Binding/Directory utility un-check "Require Confirmation" before creating a mobile account.
  Then you should be able to log out and login as the user (may have to first delete the user's local directory if one has been created under "Users"), so long as the Home folder is set in AD to a location that is seemingly 'agreeable' with the mac os.
  Message was edited by: Oh4Sh0

  The usual approach with Open Directory is to either use Workgroup Manager to define a managed login preference for a computer group to define that those member computers should cause the use of mobile accounts on those computers, or to do the same thing via Profile Manager.
  Note: If you are using Mavericks you must use Profile Manager as it does not support this via Workgroup Manager managed preferences.
  This will not require users to need admin authorisation.

• Mobile Accounts not copying home folders to local machine

  Having recently upgraded my MacBook to 10.5 (and having a 10.5 server) I have noticed an error with mobile accounts. My account has not synced for a couple of weeks and I have checked all the directory settings and cannot see any errors.
  I've removed all directory services and rebooted, put them back and it will create a mobile account but nothing is being copied to the local hdd. So basically it is functioning like a network account rather than a mobile one.
  This works fine on our 10.4 clients but having tried different users on my 10.5 system it does the same....creates the account, mounts the server but does nothing else.
  This means when you sync it says its complete but does nothing...its like its lost permissions to the folder on the server but that seems very odd.
  Anyone else had issues with 10.5? We have an AD server with our users and a 10.5 server with OD replicating AD and holding the home folders.

  Are you still ahving this issue?
  Would you do like geekinit in this thread and post some partial screen grabs (although is problem included Windows server Active Directory and profile Manager which I will get up to soon.)
  Unable to deploy home folder mobility settings through an Apple MDM server
  Did you create a fileshare for Local Network accounts to put their stuff
  If so where is OS X server?
  Did you tell the user in OD to use that fileshare?
  Here's a screen grab example
  Francois.

• Windows 8 Sysprep - Can't skip local account creation and autologon fails, wrong admin password.

  Using Windows 8 x64 Enterprise, Sysprep pauses to ask me to create a local user, which I don't want.
  If I enable SkipSystemOOBE and SkipUserOOBE in OOBE under Microsoft-Windows-Shell-Setup sysprep (in oobe mode) will skip user creation and autologon works.  But it only works correctly once.  If I run sysprep again, when it tries to autologon
  it will say that I have the wrong password for the local account.  After I type in the password manually it works.  If I use the same password for the local administrator account as for the autologon account, it looks to have the encrypted password
  twice with an equal sign after it.
  What I need to know:
  How to skip local user account creation (we run on a domain but I have it connect through scripts later)
  How to fix the autologon issue
  Do I need the local administrator account enabled for this to work?
  I have my unattend.xml file attached.
  <?xml version="1.0" encoding="utf-8"?>
  <unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AutoLogon>
  <Password>
  <Value>[removed]</Value>
  <PlainText>false</PlainText>
  </Password>
  <Username>[removed]</Username>
  <LogonCount>2</LogonCount>
  <Enabled>true</Enabled>
  </AutoLogon>
  <FirstLogonCommands>
  <SynchronousCommand wcm:action="add">
  <Order>1</Order>
  <CommandLine>c:\folder\abatchfile.bat</CommandLine>
  <RequiresUserInput>false</RequiresUserInput>
  </SynchronousCommand>
  </FirstLogonCommands>
  <OOBE>
  <HideEULAPage>true</HideEULAPage>
  <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
  <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
  <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
  <NetworkLocation>Work</NetworkLocation>
  <HideLocalAccountScreen>true</HideLocalAccountScreen>
  <ProtectYourPC>3</ProtectYourPC>
  </OOBE>
  <TimeZone>Eastern Standard Time</TimeZone>
  <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
  <RegisteredOrganization>Company Name</RegisteredOrganization>
  <RegisteredOwner>CompanyName</RegisteredOwner>
  </component>
  <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <UserLocale>en-US</UserLocale>
  <UILanguage>en-US</UILanguage>
  <SystemLocale>en-US</SystemLocale>
  <InputLocale>en-US</InputLocale>
  </component>
  </settings>
  <settings pass="specialize">
  <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ComputerName>*</ComputerName>
  </component>
  </settings>
  <cpi:offlineImage cpi:source="wim:[removed]/sources/install.wim#Windows 8 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
  </unattend>

  The user accounts-creation page in Windows Welcome is suppressed if a user or a group is added to a local security group. Add a user or a group to a local security group by doing one of the following:
  Create a local user.
  Add a domain user to a local security group with the Microsoft-Windows-Shell-Setup | UserAccounts unattended installation setting.
  To suppress the user accounts-creation page in Windows Welcome, without creating a local user, use one of the following workarounds:
  Workaround 1
  If the computer is already joined to a domain, use the following XML example to add the Domain Users security group to the Local Users security group.
  <DomainAccounts>
   <DomainAccountList wcm:action="add">
    <DomainAccount wcm:action="add">
    <Group>Users</Group>
    <Name>Domain Users</Name>
    </DomainAccount>
    <Domain>FabrikamDomain</Domain>
    </DomainAccountList>
  </DomainAccounts>
  Because joining a domain automatically adds the Domain Users security group to the Local Users security group, the DomainAccounts command does not affect the membership of the Local Users group. However, using this XML example to join a domain will also suppress
  the user accounts-creation page in Windows Welcome.
  Workaround 2
  Use the Sysprep/Quit command to set the following registry value to 1:
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\UnattendCreatedUser
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Steps to upgrade and move server and home folders to new box

  Hi All,
  Can anyone outline the steps I should take to move my 1200 users from a G4 PowerMac Server 10.4.11 to an Intel Mac 10.5.6 and move home folders to a new drive on the new box? Can it be as simple as using the migration tool and connecting up the firewire cable? And what about the fact that the IP will need to be the same?
  Many thanks for any hints,
  ...Tom

  Unfortunately, it is not as simple as using the Migration Assistant.
  Please refer to the following guide from Apple:
  http://images.apple.com/server/macosx/docs/Upgradingand_Migrating_v10.5_2ndEd.pdf
  You are migrating from 10.4 to 10.5, so read that section carefully. There are still quirks in the 2nd edition of this guide, where it tells you to do extra stuff, but it won't hurt.
  If you have another IP address available, use that in combination with a temporary hostname until everything is setup. Afterwards, turn down the old server and use the changeip command on the new server.
  Schedule your migration to a long window of opportunity when the least amount of people are going to need it - like Friday evening (then take Monday off).

• User account name and home directory name do not match

  A month ago I bought the latest iMac and used Migration assistant to migrate all of my data on over.
  Everything went well... Except that my new iMac would not let me use my old user name. I had to create somethign else.
  So my user (admin) account name is not the same as my Home directory name. (I only have 1 user account and 1 user Home directory... they both are named differently).
  This has not caused problems, but I want to iron this out. I tried using System Preferences/Users and groups to change my user account name to match the name of my home directory name (which has my old user name)... but when I did that it said "Name not available".
  Long time Mac user but I'm not comfortable doing anything deeper without some input & advice.
  Thanks in advance!

  I enable the Root user as outlined in the Apple Way instructions...logged out and loged in as the rooot user... but I really don't want to change the name of my user directory... That's the name I want to keep as a User.
  Even logged in as a Root User...
  I tried to change my current User Name to match by directory name, but it said Name is Not Available
  I also tried to create a new User name that matches my directory name...same results Name is Not Available
  Is there a sudo entry that will change the User to match my Directory name (which I want to keep and use)?
  Thank in advance!

• 10.5.2 and Windows 2003 Domain and Home Folders

  Hello,
  This has probably been beaten to death but cant seem to find the answer that I'm looking for.
  I can add the mac to the 2003 domain fine with no problems and can get the user authentication fine, access to the network shares and printers.
  The question that I had was is there a way to have the mac user's home folder map directly to the user share off the server like you would on a windows side?(ie like the roaming profile)
  I have tried all the options for the home folder setup under the directory access utility but it only mounts the share as a share and you have to manually copy over data if you want it to save on the server. Or is there some way to synchronize it when you log off?
  Message was edited by: T Poulter

  actually don't need to know now. customer only wanted entourage to connect to exchange, found out after getting more details

• Account creation and use...

  I created a skype account from Arizona, US for my mother that lives in San Diego, US... The account has been created correctly, I can login from my computer...
  But, my mother cannot login from her computer in another state...
  Should this be happeneing? or is my mom inputing the wrong name and pass?
  Thanks in advance,
  Kyle

  The problem is at your mother's end, either with your computer or how she's trying to login.   There's no restriction anywhere in the world to where you can signon to aSkype account, with the possible exception of a few countries where the government blocks Skype access.
  Are you sure that your mom has the Skype program installed on her PC, and that she's not trying to logon through the Skype website?
  Please note: I do not respond to requests for help via Private Message.

• [Solved] Organize the /etc/ /opt/ and /home w/o breaking anything?

  + What are the common organizing tactics that you use?
  For example, if you're going to install anything, where do you put it, how do you do it with out breaking anything, etc.
  My /etc/ /opt/ and /home folders are getting out of hand.
  For my home folder, I have:
  Desktop, Downloads, Dropbox (the only ones that I want here), meteor, node, nvm, nplay, pkg, python2-psutil, python26, src, sublime-text-2, try-meteor, packer (file), pacman.conf (file), and dead.letter (file).
  How do I move these without breaking anything?
  For my /etc/ I have:
  adjtime (file), adobe, anacrontab (file), arch-release (file), asound.conf (file), at-spi2, avahi, bash.bash_logout (file), bash.bashrc (file), bash_completion.d, binfmt.d, bluetooth, ca-certificates, ca-certificates.conf (file), chromium, colord.conf (file), conf.d, couchdb, cron.d, cron.daily, cron.deny (file), cron.hourly, cron.monthly, cron.weekly, crypttab (file), cups, dbus-1, dconf, default, depmod.d, dhcpcd.conf (file), drirc (file), enviroment f(ile), fonts, fstab (file), fuse.conf (file), gai.conf (file), gconf, gdm, geoip, group (file), group- (file), grub.d, grub-cutomizer, gshadow (file), gshadow- (file), gssapi_mech.conf (file), gtk-2.0, gtk-3.0, host.conf (file), hostname (file), hosts (file), ifplugd, iftab (file), ImageMagick-6, inputrc (file), iproute2, iptables, issue (file), java-70openjdk, kernel, krb5.conf (file), ld.so.cache (file), ld.so.conf (file), ld.so.conf.d, libnl, libreoffice, locale.conf (file), locale.gen (file), localtime (file), localtime (file), login.defs (file), logrotate.conf (file), logrotate.d, lvm, lxdm, machine-id (file), mail.rc (file), makepkg.conf (file), man_db.conf (file), mdadm.conf (file), mercurial, mine.types (file), mke2fs.conf (file), mkinitcpio.conf (file), mkinitcpio.d, modprobe.d, modprobe.dconf (file), modules-load.d, motd (file), mtab (file), nanorc (file), netconfig (file), network.d, NetworkManager, ncsd.conf (file), nsswitch.conf (file), obex-data-server, odbc.ini (file), ODBCDataSources, odbcinst.ini (file), openldap, os-release (file), pacman.conf (file), pacman.d, pam.d, pango, passwd (file), passwd.OLD (file), passwd- (file), pcmcia, pkcs11, pkgtools, pm,  polkit-1, ppp, profile (file), profile.d, protocols (file), pulse, rc.d, rc_keymaps, rc_maps.cfg (file), redis.conf (file), request-key.conf (file), request-key.d, reolv.conf (file), rpc (file), salt, securetty (file), security, services (file), shadow (file), shadow- (file), shells (file), skel, speech-dispactcher, ssl, sudoers (file), sudoers.d, sysctl.conf (file), sysctl.d, systemd, tmpfiles.d, tor, totem, udev, udisks2, updatedb.conf (file), UPower, vdpau_wrapper.cfg (file), wgetrc (file), wpa_supplicant, X11, xdg, xinetd.d, xml, and zsh.
  How do I learn what can be deleted here and how do I move things without breaking anything in /etc/? Is there a program that highlights what's important, what can be moved, etc.?
  For my /opt/ I have:
  android-sdk, dropbox, and tor-browser-en.
  This doesn't bother me, but I can see that somewhere in the future where it can get cluttered.
  I also have created a folder on my root called ptmp and am using it to store my packertmp-0 files since my tmp folder gave me an error. I want to do things right and not get that cluttered too. So if you know about this check the thread out here
  As a new Arch Linux user, coming from Windows 8, everything is great except a few minor annoyances. I give it an 7.8/10 for bring stable.
  I will open up new threads for the following, but here are the few minor annoyances I still have:
  If I edit what show up on my main menu (with main menu, not menu editor [from gnome]), somehow things get re-highlighted as if I clicked restore to defaults-- so I can't edit what I don't want to show up in my main menu anymore.
  I forgot what file I edited that I made Chromium run at startup and now it slows things down by running at startup.
  I couldn't exchange nautilus for dolphin (I like dophin better), and couldn't get xmonad going although I got the dependancies installed (Haskell, etc.). It throws me this error:
  Please check the file for errors.
  /home/jayvan/.xmonad/xmonad-x86_64-linux: executeFile: does not exist (No such file or directory)
  xmonad:
  xmessage: executeFile: does not exist (No such file or directory)
  X Error of failed request:  BadAccess (attempt to access private resource denied)
    Major opcode of failed request:  2 (X_ChangeWindowAttributes)
    Serial number of failed request:  7
    Current serial number in output stream:  8
  I can't remove the Universal access applet. I don't need it. This should be removable.
  There is no longer a high performance, low performance, balanced option for battery consumption. This should make a comeback.
  I somehow edited my information of my user and it's not editable through system settigns. It shows my company, phone number, etc. I manually entered a command that I forgot in the terminal that did this. I'm not sure. This should be easily editable in Gnome 3. I don't know why it isn't.
  I've created a news user and don't know how to delete it.
  I couldn't get mp3tag to work with packer because it didn't have a PKGFILE. Will be trying to manually make it some time later, but it should be fixed in the AUR.
  I would like to uninstall the Epiphany Browser. Desktop Search, Power Statistics but don't know how. I know it's -Rns.
  Sublime Text 2 doesn't show up as a desktop item in the applications folder, I have to go to the folder and click sublime_text to launch it.
  When I change YouTube to anything higher than 240p, it doesn't play and I have to refresh it.
  Grub-sustomizer should come installed with Gnome, especially for those that want to dual boot Android OS (x86) or anyhting else. In fact, in the installation guide there should be a warning that if you plan to install another OS like Android OS (x86) you should partition an extra 16 GB as ext3, or if you want to install another Linux distro to partition an extra 20GB as ext4.
  There isn't any multitouch gestures pre-installed that I can configure. I'll see if they even exist.
  I haven't check but I'm not sure if there is a good screen capturing app.
  Last, so I can switch all my friends to Arch, they've already taken an interest an I plan to do a blog post about it once I feel confident, how can I customize this scrip to install the apps I already have installed?
  I'll get to posting these in seperate threads right now.
  Last edited by jjshinobi (2013-04-09 19:57:23)

  Ohhh man, you're making me nervous! Are you copying your files around your operating system yourself?
  jjshinobi wrote:What are the common organizing tactics that you use?
  The answer to your question is, I don't organize anything. Instead, pacman keeps track of all the files.
  The only files you should need to worry about are what's in "/home". You can organize that however you want. If you have many ebooks, create a directory called "Books". Whatever.
  Your story kind of reminds me of my roommate in college. As soon as he finished installing Windows XP, he would go through the entire directory structure and delete anything that was "unnecessary". It kind of scared me.
  But fortunately, we don't have to do that with Arch Linux. Pacman takes care of everything, and it's super easy to create your own package.

• How to prevent creation of My * folders on Home drive

  First a little background. Our enterprise (some 11,000+ computers) utilize Active Directory to manage user logons and credentials. Every user has a home drive mapped to one of our many servers as part of their Active Directory profile. As a matter
  of policy, users are prohibited from storing images, videos and audio on any of the servers. These files instead may be located on the users workstation.
  More to the point now.
  All of the home drives are proliferated with numerous My Music, My Pictures and My Video folders, all of which are empty and unused. If it were not for the fact that these folders turn up not only in the root of the home folder, but also in the My Documents
  folder and even in sub folders deep within the file structure, we would not be concerned. Deleting these empty folders does no good as they are immediately recreated when the user logs in again.
  Is there a way to prevent the creation of these folders in the home drive? 

  Hi,
  We could not delete My Music, My Pictures and My Video folders, but we could redirect these folders to another drive or a network share.
  For more detailed information, please see:
  Folder Redirection Overview
  http://technet.microsoft.com/en-us/library/cc732275.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How do i reconnect mobile account home folders after re-install?

  we have problems with our server interfering with the college server. It kept changing our hostname so i had to enable DNS on the second ethernet port on xserve which prevented it from changing it but now is messing up the network as our server is being used for dns by the rest of the college. So i either need to restrict our dns to only answer queeries from specific addresses i.e my laptop and colleagues and forward all of the rest to another dns server. Or i have to re-install the osx server software and change the name to correspond with their servers given name for our xserve. The problem with re-installing it is that the students have a lot of work in their home folders which i can't loose. But i'm aware that the mobile accounts will be tied to the old domain name. Is their any tips you can give us so that i don't loose their home folders and it will sync back the client machines after i have put the new domain name on. I'm also aware that you can export the usernames from workgroup manager but not the passwords. Is there anything else i need to do so that i can just reconnect their accounts to the existing home folders after re-install? In other words i need to know the easiest way to do this to reduce dissruption to students files? Any ideas would be greatly appreciated! Also will i have to delete the students local folders on their imacs and sync back from the server again?

  ok reinstalled everything dns seems to be working have done sudo changeip -checkhostname and it says that both names match but then i started open directory and can't seem to get Kerberos started, i've tried changing it to stand alone then back again but it does nothing. I'm wondering why this would happen? i've tried adding a kerberos record but it doesn't do it just does nothing so i don't know what i'm doing wrong. I wondered if it might be a problem with the two network cards and dns as on ethernet one it is getting the dns name xserve.xxxx.ac.uk (which matches what the college server wants to call us) but on ethernet 2 gets xserve-2.local because it tells me that it already exists on ethernet one and renames it to this. I need to set up NAT so have ethernet coming in on port one and out again on port two. I wonder if my dns is backwards as its got the 192. address the NAT uses but its linked to the ethernet port one dns maybe this is the problem. would this cause open directory not to start kerberos?

• Erase mobile account home folders script

  does anyone know of a script that will erase all of the mobile account home folders on local machines while keeping the admin and other local account folders in place??

  Here is a script I've used to flush all Portable Home Directories (Run as "root" user) --> http://homepage.mac.com/applesd/downloads/flush-phds-script.zip

• Network home folders, collaboration sharepoint and Microsoft Word 2008

  I'm hoping someone who knows how Microsoft Word 2008 works on network volumes can shed some light on our situation.
  We run a small managed network with about 15 leopard clients and a leopard server. We've got two sharepoints, a "homes" share for network home folders, and an "Office" share with our shared office document folders.
  Several times a week, users will encounter a situation where Microsoft Word 2008 will claim that a file is open by another user, or that the file can be opened in "read only" mode, even though the file is not in use. Naturally, the problem cannot be replicated when I am present.
  ### My Hypothesis ###
  My users are in the habit of quickly borrowing machines from other users to pull up documents in the "office" share by using the "connect as" button. So, for example, userA is logged in to her machine (and is thus connected to the network home folder on the server). userB comes along and borrows her machine -- without logging out, will connect to the shared office folder, pull up and edit/print a document, etc. We're not currently auto mounting the office share.
  I know that Microsoft Word creates lock folders located in the .TemporaryItems folder at the root level of the "office" share. The folders are named "folder.xxxx", where xxxx is the userid of the account that created the lock folder. Everyone uses a network account, so everyone has a unique userID. If I list the .TemporaryItems folder using the CLI, i can see lock folders that are several days or a week old. So Word doesn't seem to be cleaning up after itself immediately, at least not always.
  So my question: when userB connects to the office share on a borrowed machine (logged in to the client machine using the network home folder of userA), is it possible that word will now create lock folders for userB, and will be unable to clean up lock folders created by userA?
  Anyone have other ideas for investigating the "file in use" problem?

  Switched user back to the network home folder and adjusted the MS Word preferences so that the autorecovery files would be stored on the local client machine. There doesn't seem to be a comparable setting in the Excel preferences.
  My initial testing suggests that this has reduced how often this problem occurs, but has not eliminated it. I tested by repeatedly opening and closing a couple of different word files in rapid succession -- i was able to replicate the "file opens as read only" problem occasionally.
  I've talked to Apple server support about this issue. While they were helpful, they didn't have an explanation or solution for this problem. There are a number of postings in the microsoft mactopia discussion boards site where people report similar problems.