Assigning user accounts on small network

Similar Messages

• Sharing an iTunes Library across multiple user account and a network.

  Sharing an iTunes Music Library across multiple user accounts.
  Hello Everybody!
  Firstly, this was designed to be run in Mac OS X 10.4 Tiger. It will not work with earlier versions of Mac OS X! Sorry.
  Here's a handy tip for keeping your hard drive neat and tidy, it also saves space, what in effect will be done is an iTunes music library will be shared amongst multiple users on the same machine. There are advantages and disadvantages to using this method.
  • Firstly I think it might be worthwhile to state the advantages and disadvantages to using this approach.
  The advantages include:
  - Space will be saved, as no duplicate files will occur.
  - The administrator will be able to have complete control over the content of the iTunes library, this may be useful for restricting the content of the Library; particularly for example if computer is being used at and education institution, business or any other sort of institution where things such as explicit content would be less favorable.
  - The machine will not be slowed by the fact that every user has lots of files.
  The disadvantages to this system include.
  - The fact that the account storing the music will have to be logged in, and iTunes will have to be active in that account.
  - If the account housing the music is not active then nobody can use the iTunes library.
  - There is a certain degree of risk present when an administrator account must be continually active.
  - Fast User Switching must be enabled.
  Overview:
  A central account controls all music on the machine/network, this is achieved by storing iTunes files in a public location as opposed to in the user's directory. In effect the system will give all users across the machine/network access to the same music/files without the possibility of files 'doubling up' because two different users like the same types of music. This approach saves valuable disk space in this regard and may therefore prove to be useful in some situations.
  This is a hearty process to undertake, so only follow this tutorial if you're willing to go all the way to the end of it.
  Process:
  Step 1:
  Firstly, we need to organize the host library, I tidied mine up, removing excess playlists, random files, things like that. this will make thing a bit easier in the later stages of this process.
  Once the library is tidied up, move the entire "iTunes" folder from your Home directory to the "//localhost" directory (The Macintosh HD) and ensure that files are on the same level as the "Applications", "Users", "Library" and "System" directories; this will ensure that the files in the library are available to all users on the machine (this also works for networks)
  Optionally you can set the ownership of the folder to the 'administrator' account (the user who will be hosting the library.), you may also like to set the permissions of 'you can' to "Read & Write" (assuming that you are doing this through the user who will host the library); secondly you should set the "Owner" to the administrator who will be hosting the library and set their "access" to "Read & Write" (this will ensure that the administrator has full access to the folder). The final part of this step involves setting access for the "Others" tab to "Read Only" this will ensure that the other users can view but not modify the contents on the folder.
  Overview:
  So far we have done the following steps:
  1. Organized the host library.
  2. Placed the iTunes directory into a 'public' directory so that other users may use it. (this step is essential if you plan on sharing the library across multiple accounts on the same machine. NOTE: this step is only necessary if you are wanting to share you library across multiple accounts on the same machine, if you simply want to share the music across a network, use the iTunes sharing facility.
  3. set ownership and permissions for the iTunes music folder.
  Step 2:
  Currently the administrator is the only user who can use this library, however we will address this soon. In this step we will enable iTunes music sharing in the administrator's account, this will enable other users to access the files in the library.
  If you are not logged in as the administrator, do so; secondly, open iTunes and select "Preferences" from the "iTunes" menu, now click the "Sharing" tab, if "share my library on my local network" is not checked, the radio buttons below this will now become active, you may choose to share the entire libraries contents, or share only selected content.
  Sharing only selected content may be useful if their is explicit content in the library and minors use the network or machine that the library is connected to.
  If you have selected "share entire library" go to Step 3, if you have selected share "share selected playlists" read on.
  After clicking "share selected playlists" you must then select the playlists that you intend to share across your accounts and network. Once you have finished selecting the playlists, click "OK" to save the settings.
  Overview:
  In this step we:
  1. Enabled iTunes sharing in the administrator's account, now, users on the local network may access the iTunes library, however, users on the same machine may not.
  Step 3:
  Now we will enable users on the same machine to access the library on the machine. This is achieved by logging in as each user, opening iTunes, opening iTunes preferences, and clicking "look for shared music". now all users on the machine may also access the library that the administrator controls.
  This in effect will mean that the user will not need to use their user library, it will be provided to them via a pseudo network connection.
  As a secondary measure, I have chosen to write a generic login script that will move any content from the user's "Music/iTunes/iTunes Music" directory to the trash and then empties the user's trash.
  This is done through the use of an Automator Application: this application does the following actions.
  1. Uses the "Finder" action "Get Specified Finder Items"
  1a. The user's "~/Music/iTunes/iTunes Music" folder
  2. Uses the "Finder" action "Get Folder Contents"
  3. Uses the "Finder" action "Move to Trash"
  4. Uses the "Automator" action "Run AppleScript"
  4a. with the following:
  on run {input, parameters}
  tell application "Finder"
  empty trash
  end tell
  return input
  end run
  IMPORTANT: Once the script is adapted to the user account it must be set as a login item. in order to keep the script out of the way i have placed it in the user's "Library" directory, in "Application Support" under "iTunes".
  Overview:
  Here we:
  1. Enabled iTunes sharing in the user accounts on the host machine, in effect allowing all users of the machine to view a single iTunes library.
  2. (Optional) I have created a login application that will remove any content that has been added to user iTunes libraries, this in effect stops other users of the machine from adding music and files to iTunes.
  Step 4:
  If it is not already enabled, open system preferences and enable Fast User Switching in Accounts Options.
  Summary:
  We have shared a single iTunes library across multiple user account, while still allowing for network sharing. This method is designed to save space on machines, particularly those with smaller hard drives.
  I hope that this hint proves to be helpful and I hope everybody will give me feedback on my process.
  regards,
  Pete.
  iBook G4; 60GB Hard Drive, 512MB RAM, Airport Extreme   Mac OS X (10.4.6)   iWork & iLife '06, Adobe CS2, Final Cut Pro. Anything and Everything!!!

  how to share music between different accounts on a single computer

• Migrate a Local User Account to a Network Account Shell Script

  http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US
  If you are looking for an easy way to migrate local users to network users without losing data, then try this script.
  Follow steps 1-10 in the support link above before running this script.
  1) Open /Applications/Utilities/Terminal.App
  2) Type vi myscriptname.sh
  3) type "i" to edit the document
  4) Copy and paste the following text in the terminal window
  #!/bin/bash
  echo "Go to http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US"
  echo "Complete steps 1-10 before continuing"
  echo -n "Enter 'USER' and press enter:"
  read USER
  echo -n "Enter 'SERVER' and press enter:"
  read SERVER
  sudo scp -Epr /Users/$USER root@$SERVER:/Users/
  sudo mv -f /Users/$USER /Users/$USER.old
  ssh root@$SERVER sudo chown -R $USER:staff /Users/$USER
  5) hit (ESC) then colon : and type wq! and hit return to save the document
  6) In Terminal type: chmod +x myscriptname.sh
  7) in Finder, Right Click or Control+Click myscriptname.sh and select open with
  8) Select "Show All Applications" and Navigate to /Applications/Utilities/terminal.App
  9) in Finder, Right Click or Control+Click myscriptname.sh and select get info / Open with and click "Change All" to open all .sh files in Terminal
  10) Double Click myscriptname.sh
  11) For USER enter the name of the network account
  12) For SERVER enter your server name (server.example.com)
  13) Enter the Admin Pass for the Local Machine, Then the Server, Then the server again
  14) The user folder will be renamed to user.old (bob.old)
  15) When you login as the network user account OS X Server Will copy your data to the local machine with Portable home directories
  16) Once you verify all the info is there you can delete the user.old folder from the /Users/ folder (bob.old)

  replace sudo scp -epr with sudo rsync -auvth if you do not want to waste space copying hardlinks

• Create user accounts on multiple networked computers

  I have a computer lab of 21 identical systems:  20 student computers and 1 instructor computer.  All are running Win 7 (32 bit).  They are connected via a simple Windows network.  I have 50 users, and I was wondering if I could simultaneously
  create local standard user accounts for each of them on all of my computers.  I know this is possible if I am running Windows Server, but I am not.  Will I be able to accomplish this using Windows 7 (Ultimate)?  Doing this one-by-one will be
  quite tedious, and probably not feasible given the allocated resources).  I am a novice, so perhaps I have omitted some key information.
  Thanks in advance.

  You can use VB script, and create multiple accounts on multiple computers.
  Follow this : http://blogs.technet.com/b/heyscriptingguy/archive/2009/03/23/how-can-i-create-the-same-user-account-and-password-on-multiple-computers.aspx
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Need help with network user accounts on Mac server App on Yosemite, any tips?

  I've been trying to set up a small network with the Server app on Yosemite. I don't want to do anything crazy with the server, I'd just like to know how I can set up network user accounts so that they can login from other Mac computers on the same network. I already have Open directory set up, the Macs that will be used on the network with the server have already been joined to the server under login options. I have created the network user account, I have also joined the user account to a group that I created. When I try to login to the network account from one of the Macs, it doesn't work. I'm pretty rookie with Mac server, can anyway give me any pointers of what I should be doing? Or if I am doing something wrong. Thanks guys.

  The most important step, once you've got Open Directory and DNS set up, with Local Network Users set up in Server.app, is to make sure that all client Macs are using the server's IP address as the primary DNS server in System Preferences > Network, and that they have joined the Network server in System Preferences > Users and Groups > Login Options.
  Having said all that, I have just spent hours setting this all up only to find out that Mail doesn't currently work with Network Homes in 10.10.3 / Server.app 4.1.
  I will be hoping that Apple recognise the bug, and put out a fix soon.

• Change NAME of User Account, Home Directory, Time Capsule and Network

  Hi All.
  I have a small home network and I would like to do this for all four of these.
  I think I have instructions on doing this for User Account, Home Directory and Time Capsule.
  Can anyone give me the "it is OK to do this" so I don't have to worry about something going wrong in the future?
  Also, can I do this for my network and does anyone know where I find this?
  Thanks.

  hotwheels 22 wrote:
  So I gather I cannot rename the name of the "Macintosh HD" which I guess is the name of my Hard Drive?
  Technically, it's the name of the OSX volume or partition, but is often just called your internal hard drive, since most folks only have one partition.  But some have multiple partitions, usually for dual booting, such as OSX and Windows; or Lion and Snow Leopard. 
  Yes, you can rename it easily (but you might check whether that will cause a problem with DejaVu).  It won't be a problem for Time Machine.
  Just right-click it in a Finder sidebar or on your desktop.  Do not use any slashes or colons, however -- you might want to avoid any punctuation or special characters.
  And then - In Accounts I have "Full Name" as literally my first and last name.
  Yes.   Each user account has a full name and a short name.  The full name isn't used for much.
  the HOME FOLDER is showing a totally different name than the "Full Name".
  Correct.  It's the same as the short name.
  So I set the HOME FOLDER name through some hocus pocus in the article and then what is the relationship between these things?
  The short name and the home folder name should be the same.  The article shows how to rename the home folder, create a new user account with a matching name, then delete the old account. 
  If you're not comfortable with the instructions in the article, I'd strongly advise not doing it.  You may end up having to do a full system restore.  I don't know, but perhaps your local Apple Store will do it for you.
  Functionally I have a HARD DRIVE and a HOME FOLDER and then the Full Name (listed in Accounts) is just sort of what I get called by...?
  The hard drive (OSX partition) is where your entire Snow Leopard installation is:  OSX itself, your Apple and 3rd-party apps, and one or more home folders.  (Many folks who share a Mac have separate home folders for each user.)
  have I been smoking?
  No comment. 

• Lost Mail on Network User Accounts

  This problem has happened several times and I am pretty sure it relates to using Network User accounts. We're running Tiger server and all user accounts are stored on the server. We are using POP mail that is hosted externally.
  A user logs in to his account. There are unread messages and the user starts to read them and reply to email. An hour or two goes by and when the user tries to read an unread email, the email disappears in the list when clicked, along with all the emails that had been received or sent since the last time he had logged into his user account.
  There is no trace of the lost mail in the library on the server. If this isn't weird enough, the incoming mail on the ISP host account when accessed by webmail, is either gone or when you try to read it disappears when clicked along with all mail back to the same time that is missing on the user account stored on the server.
  This has happened on different users and from different workstations. The only constant appears to be that these accounts are stored in network user accounts.
  We are planning to bring mail in-house and switch to IMAP. But would like to know if anyone else has ever seen this.
  Any ideas?
  Thanks,
  Bob

  Having the same problem here. I think its to do with the network home having a different database file from the local home and when the background sync happens the local home database is being replaced by the network home.
  There is nowhere to set that during a background sync the local home should always be considered the newest and be pushed to the network. Sounds like it should be logical, but it doesn't seem to work like that.
  I have users complaining that there machines are ok when they start, they have mail arrive during the day and then disappear and their mail box reverts back to the state it was when they logged in.
  There is also the problem that when they move they don't always get the latest version of their mail box.

• Networked user accounts, mail passwords not saving or notes?

  Hi there,
  I have a mac mini set up as a server with latest software. On it i have 20 networked users which use between them for different mac mini's.
  Problem which i have come across and i haven't found a solution yet. When i created them emails on there user accounts the incoming mail password won't save? On occasion i has saved, but once log out of the user and log back in the password has gone. which then it prompts me to keep typing the password in and won't save the password. This is very frustrating!!
  I have also just noticed when i put message in notes and then log out and log in the the message has gone. This got me thinking it could be something with the user account not saving any data that put in? I don't really want to reformat the server if i don't have to.
  If anyone has solution to this problem, it would really handy to know?

  I click the Note button, nothing happens. The feature is completely out of service. I don't understand. Am I missing something obvious? I have tried the keystrokes too, no reaction at all, no errors, just can't use Notes, at all! rrrrrrrrrrrrrrrr! Please help.
  Update: I opened Console to see if I could find any errors immediate after trying to create a note and this is what I found:
  6/26/08 10:28:31 PM Mail[236] * Assertion failure in +[NoteView updateFontAndRule:], /SourceCache/Mail/Mail-924/MessageViewer.subproj/NoteView.m:149
  6/26/08 10:28:31 PM Mail[236] * WebKit discarded an uncaught exception in the webView:didFinishLoadForFrame: delegate: <NSInternalInconsistencyException> font-family cannot be nil
  6/26/08 10:28:42 PM Mail[236] * Assertion failure in +[NoteView updateFontAndRule:], /SourceCache/Mail/Mail-924/MessageViewer.subproj/NoteView.m:149
  6/26/08 10:28:42 PM Mail[236] * WebKit discarded an uncaught exception in the webView:didFinishLoadForFrame: delegate: <NSInternalInconsistencyException> font-family cannot be nil
  6/26/08 10:28:42 PM Mail[236] * Assertion failure in +[NoteView updateFontAndRule:], /SourceCache/Mail/Mail-924/MessageViewer.subproj/NoteView.m:149
  6/26/08 10:28:42 PM Mail[236] * WebKit discarded an uncaught exception in the webView:didFinishLoadForFrame: delegate: <NSInternalInconsistencyException> font-family cannot be nil
  6/26/08 10:29:06 PM Mail[236] * Assertion failure in +[NoteView updateFontAndRule:], /SourceCache/Mail/Mail-924/MessageViewer.subproj/NoteView.m:149
  Message was edited by: tfire1

• Small office (5 users) - Accounting - wanting to secure ingress/egress of docs..

  Small office (5 users) - Accounting - wanting to secure ingress/egress of docs..I haven't seen this answered for an office of this size.I have the need for a relatively cheap software package or guidelines (I'll still keep the search active) for how to block, or at least alert, of sensitive data from leaving the company.I know that I'll have challenges on:1. Blocking certain attachment types from being sent, via webmail, web site attach, email. I am sure someone's written a how-to but I'm darned if I can find it. Suggestions?
  2. Blocking certain programs from running (whitelist/blacklist) - not really wanting to be deep in their pockets every time the application is updated, so not sure if a hash list would be a good idea based on a GPO security policy, or if black/white lists are best?3. Web blocking - I'm thinking I am wanting to...
  This topic first appeared in the Spiceworks Community

  Hi guys,First, I've done a lot of searching on the weband read a few different threads on Spiceworks regarding HIPPA compliance and encrypting hard drives.Specifically these two threads:http://community.spiceworks.com/topic/596465-encryption-for-hipaa-compliancehttp://community.spiceworks.com/topic/320759-how-are-you-handling-hipaa-s-latest-data-at-rest-rulesSo I have a new client that's in the medical field. He has a server that's about two-three years old that looks as ifit was built with budget at the forefront. It's a whitebox with an Asus P8H77-v motherboard, 16 GB of ram, an i3 processor& two 1 TBSATA drives using raid 1 right off the motherboard. The roles it has: DNS/DHCP/File server/AD. Side note - eventhough it's been setup for AD none of the computers are on the domain.Their EMR software is Tracknet & the datais being stored...

• Can not make network user accounts

  After upgrading from 10.6.8 Server to 10.8 and installing server tools, I can not make network user accounts.  All of my old network user accounts migrated to the new OS and work properly, I just can not seem to make new accounts under 10.8.
  Under 10.6.8 I would log into Workgroup Manager as diradmin and I could pretty easily make new users.
  Under 10.8.2 I launch the server app and click on "users".  The addition (+) symbol in greed out for making new users.  I can make local users via System Preferences, but I can not see any way to change local users to network users via either System Preferences or the Server app.
  I have logged into the server app using a local administrator account, the diradmin account, and the root account.  None of the accounts allow access to create new network users (addition symbol is greed out).
  Is there a trick to making network users in 10.8 that I am missing?
  (as an aside, I have noticed I can log into Directory Utility as diradmin and can view the node with all my network accounts.  It seems like I might be able to manually create a user account this way, but I'm not quite sure how to make the user record)

  Open Directory service is started and functional for all the pre-existing network user accounts that were made under 10.6.8 and earlier.  I just can not seem to create new netowork user accounts.
  I followed the steps on this page and managed to make a user record that appeared as a network user in the Server app, but I still can not seem to log in under the user I made in this fashion (dscl command via terminal).
  http://www.deadmarshes.com/Blog/20111105010130.html

• Where is the MailAccounts.plist stored for a network user account using Apple Mail on Snow Lion?

  Where is the MailAccounts.plist file stored for a network user using Apple Mail on Snow Leopard?  It appears one of my users has managed to do something to their mail account as Apple Mail will no longer close once opened and the Sent Folder has a perpetual spinning pinwheel.

  They would have to be logged in as separate users in order not to see your account in Mail. Whatever accounts put in Mail under your account will show up. All mail accounts usually have there own user and password. The only thing you can do is to remove the password from Keychain and take the account offline so you don't keep getting prompts for passwords each time it checks for mail.
  Not a great solution.
  Best way is to give the other user their own user account with their own mail and enable fast user swithcing to log between the different users if all access the computer frequently.

• OD network user accounts with radius secured wireless

  ok.
  i'd like to use radius security on my wireless network.
  i also have 300+ OD users, who log on using both wired desktops and wireless laptops.
  however, once radius is up and running, i no longer can access the "other..." user login option on the laptops, as the laptops can't conenct to the network to get the OD user info.
  how to i work around this? do i add the OD bound  laptops themselves to the allowed users?
  ta

  Well, folks, it turns out that the network user list is in fact displayed, but there's a slight catch that had me fooled. I've got a single local account set up. This local admin account is selected by default and displays the password field. When I hit ESC to clear it, that local account only is displayed for about 15-20 seconds. This fairly long delay made me think it would never happen... whoops. AFTER about 15-20 seconds, the full login list is displayed. Unless you clear that pwd prompt by hitting ESC or clicking Back, the list is never displayed.
  Now that I've created a second local user account for other reasons, the pwd prompt does NOT automatically appear, and the network user list is displayed after 15-20 seconds, despite WPA.
  Problem solved. Now we'll just see if 26 users can log in simultaneously over wireless... I won't hold my breath for too long!
  Thanks for your time.

• Network User Accounts

  Hello,
  I have a little (or big ;)) Problem with the Network User Accounts on Leopard Server.
  I created the Networkshare for the Networkhome Directories und selected them in the Workgroupmanager, also I connected the mac Clients via the Directory Util to the Server.
  But no Networked Home User can login from the Clients (the Client says at the Login Window "Network Accounts aviable".

  You can use a static LDAP mapping on the client computer here to accomplish this.
  Using Directory Utility, you want to edit your LDAP plugin settings for your OpenDirectory server. (Directory Utility -> Show Advanced Settings -> Services -> LDAPv3 -> Edit your Config -> Search & Mappings)
  Expand users, and go to NFSHomeDirectory. Here you can enter in:
  #/Users/$RealName$
  This will create a local home directory in users with the directory name called whatever value is in RealName.
  Randy

• Windows 7 user account network and administration problem

  Hello
  I hope I am in the correct place and that my problem can be looked at, if not could I ask the moderator to move this post to the correct forum.
  I have a very unusual problem that I hope can be resolved here.
  I have 3 x Win 7 machines ( 2 x Pro and 1 x Ultimate ) all on my network but recently I tried to SFTP/SSH using winscp into one of them ( Pro ) only to find that access was denied – it took ages to find out why
  – I finally noticed that the user name I created ( that has admin rights ) was not actually in the c:\Users\    folder what has happened is that all the files that should be in my created windows account are sitting in a folder called “user”which
  is insidec:\Users\
  I then created a folder that has the same user login nameI originally created, inside
  c:\Users\
  and copied all the files from the “user” folder and then tried to STFP/SSH into the original created user name but that did not work
  I then tried this link
  User Account - Hide using method 2 point 12, i.e adding (1) to the SpecialAccounts key, but that has not unhide my user account.
  Using this cmd below
  net user > Desktop\Users.txt
  lists the users but I would expect to see i.e
  Administrator ( followed by ) …. (created username)
  What I am seeing however is below
  Guest ( followed by ) …. (user)
  When I use the command
  lusrmgr.msc I see below :-
  Name = user
  Full name = my created windows login
  Description = blank
  I hope I can get some help here – I have cloned my disc in case of any mishaps but all I want to do is get my created win 7 user account working as it should, incidentally the login welcome screen appears on the
  created account.

  Hello
  MeipoXu
  I think that I have managed to get into a better position since your last email above, but not quite where I need to be.
  I have posted 3 jpg's
  jpg key 501 = c:\Users\D&S
  jpg key1000 = c:\Users\User
  jpg winscp = my SFTP attempt to my problem machine
  key 1000 = c:\Users\User .. everything I try to do will not get rid of this key.
  However c:\Users\D&S finally appeared, and I was able to SFTP login using winscp only to find the root reports as c:\Users\user.
  What I should see is c:\Users\D&S but I can only access c:\Users\User and not c:\Users\D&S
  ( Does that all make sense ? )
  The other thing I noticed was that key 501
  is normally reserved for the guest account c:\users\guest
  But it has taken over c:\Users\D&S ... if you can get me past this then I will be extremely grateful
  I need to see the root reported back as c:\Users\D&S   not c:\Users\User
  Turning to your post above and may I thank you for your help in trying to resolve this but before I proceed I need to be very clear about what you are suggesting I do.
  Your Quote
  Enable the built-in administrator account and login with it .To enable the built-in account:
  net user administrator /active:yes
  Q) Do I login with new the Admin account first then net user administrator /active:yes ?
  Your Quote
  Cut the whole folder and paste it to the Users folder , then navigate to the registry keys"ProfileImagePath" and change it  to "c:\Users\account name".
  Q) Cut and past which folder ? is it the folder c:\Users\D&S ? and where am I pasting it as "D&S" already exists in c:\Users\D&S .. I already created it and copied all the contents from "user" to "D&S"
  Your Quote
  Restart the machine and login with that account and then have a check.
  Q) That bit must mean login with D&S
  Your Quote
  If the issue has gone ,please run "net user administrator /active:no" to disable the built-in account.Again
  A) Got that bit :-)
  Apologies for the above but I have found to my cost that if you assume what something means it can turn out to be mis understood and I could end up creating more trouble for myself
  I will submit the winscp jpg separately as you can only submit 2 jpg's per message
  Thank you

• View/Change User Accounts From Across The Network - Do not have Server

  Is there a program or utility that can be run in Mac OS X Tiger or Leopard to manage user accounts on other Macs that are located across the network? Is there anything that will do this that is free, or not too much money?
  Our setup: multiple Macs on a network that is primarily a Windows AD Domain. For various reasons, we do not have the Macs setup as members of AD. We also do not have a Mac OS X Server. I am wondering if there is something that is built-in, free, or on the cheaper-end, to manage user accounts and their permissions from across the network on the Macs?
  Thank you for your help!
  Dan

  If the systems are not bound to a parent domain, then local account policy will need to be set individually. There is a way to get Workgroup Manager working on OS X client, but I do not know of a way for it to see remote NetInfo/DS Local data stores. It will only see the local store. NetInfo in the 10.2 days could pull this off. But Apple removed those features in favor of LDAP and eventually DS Local.
  You will probably need to use a combination of tools. Start with defining base settings in the User Template to ensure that all new home folders are created equal. Then use ARD or ssh to define user policy with pwpolicy and other tools like niutil (Tiger) or dscl. Test with mcxquery. If you get Server Admin Tools, you can use Workgroup Manager to craft the needed xml for mcx values, then inject into the user account.
  But this is only going to get you local policy. If users are connecting to file shares and mail, they are using their network credentials so those policies need to be managed at the domain level.
  I would encourage binding the machines to the domain. While this can, and has (sadly), been done, being part of the domain is so much easier. If you need a system for storing the LDAP schema, get a Mini and do it on the cheap. Otherwise, consider AD schema modification and then practice your xml skills.
  Hope this helps