Workgroup Manager Question

Hello Everyone,
I’m looking for a program or plug-in that I can use to manage users internet access. Something I can use to restrict a small group of users internet access to a list of approved sites only. I’d like to manage these setting via workgroup manager if possible. I’m not looking for a filter that blocks all users but something I can use to restrict a small group of users only.
Any ideas are greatly appreciated!
Thanks for you time and assistance.
Todd
www.mrbenrud.com
Background –
I teach technology (web design, graphic design and basic computing) at the high school level and I have a small group of students that can’t focus on their work when myspace, youtube, photobucket, etc… are only a click away. My district has a decent filter but my students are smart enough to get around it with proxy servers.
Currently I use workgroup manager to block all internet browsers for students that are failing but it is making life very difficult because now the failing students can’t check their grades, visit my web site to get assignments, notes and class resources.
  Mac OS X (10.4.4)  

My issue revolves around login items. For the User Group I have 4 drives mounting (so the Marketing Group mounts 4 items like afp://192.168.168.9/Department Folders for example). Access rights to the various Departmental Folders within that one are governed by their User Group. Works swell.
Within the Marketing group I have a Media Manager who has a laptop and travels often with it. I need his machine NOT to mount these drives at login but I want him to stay in the Marketing User Group as the permissions to the various servers are complex and individual management for access privileges is just sucky when you think long-term and whn you think administratively.
So I want to keep him in that User Group but I want to stop his machine from mounting at Login those drives that the rest of his User Group does. So I went to his individual account, selected Preferences->Login and set it to Manage: Always with a blank list. No dice - his machine still attempts to mount the drives.

Similar Messages

  • Question re: "Homepage:" field on the Info tab of Workgroup Manager

    I have about 200 users on an Xserve running Mac OS X Server 10.6. I have written a php script that queries the ldap server to display an addressbook page of sorts on our internal intranet. I noticed that there was a "Homepage:" field available on the Info tab in Workgroup Manager when entering user information and since I was not using that field I decided to use it for the webcal location of my user's calendars so I could add that link to my addressbook page. I did not realize that as I was pasting the links in the Workgroup Manager decided to add a "/user_name" to the end each of them breaking my links.
    I'm curious what the "Homepage:" ldap entry is used for and why the link I paste in there gets changed?
    Also, if I select the text in that field and delete it after clicking Save the /user_name entry comes back (without the rest of the URL I had pasted there). The only way I have found to remove the entry completely is to click on the Inspector tab and remove the "URL" attribute. Am I likely to mess anything up now by removing that URL attribute or am I better off just leaving it there (so far I have tested with one user and everything seems ok so perhaps there is nothing to worry about here).
    Thanks in advance.

    When I was attended a seminar at Macworld '07, the gentlemen demonstrating the various server tools used Workgroup Manager without a server, and made a point of telling us we could use it without a server. However, they neglected to mention if there was a way to duplicate the settings to other machines without them accessing OS X Server. I suppose I will have to do this manually at each machine, but at least I can still do it!

  • Workgroup Manager won't create home directories; no error message

    This is quite frustrating. For the past 3 years or so I have used the same procedure to add new users to my LDAP directory:
    1) In Workgroup Manager, click the New User button
    2) Assign name and password under the basic tab
    3) Assign group memberships under the Groups tab
    4) Under the Home tab, select the right place (nfs://my.server.org/Volumes/Users), click Create Home Now
    5) Click Save
    Suddenly, when I try to do this yesterday, workgroup manager won't create home directories anymore. I could probably do it manually, but I'm not sure how to get all the right skeleton setup in there. But my main question is, why doesn't this work anymore? Why can't I at least get an error message instead of being silently ignored?
    I share admin duties with other people, so it's possible someone installed an update recently; all I can really say is that I'm running Leopard Server 10.5.8 right now, and can find out whatever else is relevant.
    Any ideas?
    Thanks!
    ~Ben

    Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets).
    I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
    But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!

  • Workgroup Manager Won't Authenticate Anymore

    I'm using 10.5.2 on both a client and a server and I'm seeing some weirdness with Workgroup Manager. Last week, I had no problem using workgroup manager on my machine to connect to the server. Today, WM is not allowing me (or any other admin accounts) to authenticate at all remotely. If I screen share to the desktop of the server and run workgroup manager, I can use my credentials to authenticate.
    What I'm seeing in the system.log is "Client response doesn't match what we generated" I found the relevant article here: http://docs.info.apple.com/article.html?artnum=306596
    Following up from that article, I did some digging in the Password Service logs. When I try to login remotely to Workgroup Manager, the logs show this:
    Feb 19 2008 09:49:47 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
    This line gets repeated 4 times.
    When I'm on the server locally and authenticate, it uses CRAM-MD5 and authenticates successfully.
    I did find the following article talking about testing authentication, etc. http://docs.info.apple.com/article.html?artnum=302942 All the methods described in there work test successfully.
    Something really strange is going on here because my user can authenticate to AFP, SSH, etc. just fine - just not Workgroup Manager remotely.
    I'm going to further chalk it up to weirdness because what I'm trying to do this morning is add a new user (normally a 2 min job). Adding the user from the manager on the server is fine, but it throws an error when trying to create the home directory.
    Lastly, I thought it could be my machine, but I've kinit'd, afp'd, etc. from my machine without a problem.
    Anyone have any other ideas that I can try?

    Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets).
    I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
    But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!

  • Unable to enable disk quotas in workgroup manager, X.4.8 server

    I am trying to enable disk quotas in workgroup manager for our open directory users with mobile accounts.
    I select "sharing" ---> all ---> drive that home directories are stored on ---> select "Enable disk quotas on this volume."
    I am able to click the tab but when I attempt to save it gives me "unable to save changes." How can I save the changes? Do I have to use the CLI for this?
    This is similar to this previous unsolved question on the boards: http://discussions.apple.com/thread.jspa?messageID=2495400
    I'm not trying to make any other changes when I'm saving this, and am authenticated as the directory admin. Any help is a big help!

    Nevermind, I found the answer in the archives after much searching. Went in via CLI and deleted the files below...voila! Disk quota goodness ensues and all is well.
    full thread here:
    http://discussions.apple.com/thread.jspa?messageID=2859843
    "I answer my own question. I deleted the two files ".quota.ops.user" and ".quota.user" at the root level of each disks and now I can activate disk quota."

  • 10.4 Workgroup manager and xserv slow..

    We have an XSERV running 10.4.11 server that was working fine. last week the server OS drive became corrupted and I have to reformat and reload the backup we had from retrospect. All seemed OK... BUT.. now when a user going to login to workgroup manager, it is very slow getting to the desktop and getting any icons on the desktop. this is happening in our 2 computer labs that have IMAC computers. They were fast BEFORE the server crashed and had to be restored...

    Quote:
    Do we need to modify/update some schema changes with Lion to be applied to the AD?
    That's the question, it looks to me like it might be trying to store the configurations in a different attribute or something.

  • Workgroup Manager: Sharing is Greyed Out

    Having re-built a 10.4.11 Server OS, migrated data from the old drives onto the new ones, installed users, got it up and running, I now find I have a problem where the Sharing icon on the Workgroup Manager is greyed out, and thus I can't get into it to adjust sharing settings, add things, etc.
    Currently, users seem to be able to mount all the shared volumes, because they were setup before this issue started, and I turned up the ACL's as well. However, I'm concerned I won't be able to make changes or updates. Is there something I've done or missed that's caused the Sharing to suddenly become greyed out and inaccessaible from Workgroup Manager? And more importantly, is there a way to correct the issue?
    Thanks in advance for your insight!

    I found the answer to my own question from another discussion:
    http://discussions.apple.com/thread.jspa?threadID=1970581&tstart=0
    When opening the Workgroup Manager, type in 'localhost' for the address.

  • Do I have to add computers in Workgroup Manager?

    What is the difference to add computers in the group "Computers" in "Workgroup Manager?
    It seems to work anyway without adding any computers.

    To answer your direct question: no. You don't have to add computers into those groups.
    Computer accounts allow you to identify and manage individual computers.
    For more information about setting up computer accounts, see Chapter 6, “Setting Up Computers and Computer Groups.” To specify preferences for Mac OS X computer accounts, see Chapter 10, “Managing Preferences."
    A computer group is composed of computer accounts or computer groups. By combining these into a single computer group, you can apply the same managed preferences to all its members.
    To learn more about how to set up computer groups for Mac OS X client computers, see Chapter 6, “Setting Up Computers and Computer Groups.” To specify preferences for Mac OS X computer groups, see Chapter 10, “Managing Preferences.”
    The Open Directory manual and particularly the User Management manual (source of the text quoted above) in the [Apple manual shelf|http://www.apple.com/server/macosx/resources/documentation.html] describe (most of?) this stuff.

  • Problems with Workgroup Manager

    I just took over computer support for a local school.  They have a Mac 10.5.6 server that I log in as <admin>.  Unfortunately, when I go to Workgroup Manager.  I can't add or change any accounts.  Obviously, the <admin> user doesn't have permission to make these changes.  How do I give admin user the right permission to work in workgroup manager?  The guy that set this up is now with a different company, and he is nearly impossible to contact. 

    The Apple manual is correct regarding how ACLs interact with POSIX permissions. If you haven't already, please see my ACL Tips post, which gives you some more detail: http://discussions.apple.com/thread.jspa?messageID=1696702.
    And, here's my answer to a question regarding how permissions for new/copied/moved files are assigned: http://discussions.apple.com/thread.jspa?messageID=3188259&#3188259.
    According to your post, I see two possibilites: One, you've recently enabled ACLs without restarting your server. If that's the case, a restart will work.
    Or:
    I fire up the Effective Permissions Inspector, drag over a production member and find all the write attributes are off except for delete.So the everyone posix field definitley overrides my ACL settings. Now I can set the Posix everyone field to read and write but I don't want everyone to have access.
    Do you mean that all write attributes are ON except for delete? If so, then there's the second possibility:
    The Finder and some other applications are not yet fully ACL-aware. For example, if all write permissions are granted except for delete_child and delete, then the Finder will treat the folder/file as read-only. This is also a problem for applications that employ saving routines like TextEdit. Basically, this situation cannot presently be resolved without further application improvements. Yes, the filesystem and core OS are ACL-aware, and effective permissions are being calculated correctly, but Finder/TextEdit represent a set of applications that depend on POSIX-like ACL mixdowns. This means that, even though ACLs offer fine-grained read and write permissions, some applications don't respect them when they're told.
    So why even have ACLs? Well, right now they fix several problems with POSIX-only: (1) nesting groups, (2) defining new/copied file/folder inheritance, and (3) the ability to define permissions for more than just one group (POSIX group) or user (POSIX owner) at a time.
    Hope this helps.
    --Gerrit

  • Can not locate Workgroup Manager; possibly not installed?

    Here's the story:
    I'm trying to get my new camera software installed and one of the steps is to launch Image capture.
    Image capture gives me an error saying: "No Image Capture Device connected."
    Apple says to fix this I need to open Workgroup Manager (in /Applications/Server/) and change some preferences.
    But, I can not find Workgroup Manager for the life of me. I used spotlight with no luck. I also don't have a folder in Applications titled Server. This worries me and makes me wonder if the program could have been deleted or not installed at all?
    Any suggestions on how to find WgM would be welcome.

    Whoa... somebody got confused someplace... I wouldn't guess you are running OSX Server on a MacBook, but the oSX CXlient instead, so no idea how Apple came up wih that solution.
    You likely should not have a Server folder there, nor the APP they speak of.
    What kind of Camera exactly, and how does it connect?

  • Disabling Keyboard Shortcuts for LDAP Accounts -Workgroup Manager...

    I work in a school and all our students are on LDAP accounts. Recently some of the kids realized that hitting Ctrl-Opt-CMD-8 inverts the screen display. You wouldn't believe the amount of havoc this has created at school, especially when they do it to a kid’s account that doesn't know how to fix it.
    Keyboard and Mouse are NOT one of the items under preferences for either groups or accounts in Workgroup Manager. Does anyone know if there is a way around this, or an alternate way of getting rid of the keyboard shortcuts for Universal Access, for either groups or accounts?
    Thanks
      Mac OS X (10.4.6)  

    Within the Workgroup Manager pane for Preferences, there is an option to manage Universal access. Within that section, there is a tab for 'Options'. You will want to change that management to 'Always' and leave the box for 'Allow Universal Access Shortcuts' UNchecked. This will, in effect, disable the usage of the shortcuts for a User or a selected Group account.
    Hope this helps out!!
    www.Admin660.com

  • I am using 10.6.8 and I cannot get an Imac to appear in workgroup manager, the mac is bound to both AD and OD. I have removed the bindings, rebuilt the mac and also removed it from bot system but still it does not appear in OD in work group manager.

    I have a mac which is connected to a network and is bound to both OD and AD with no issues on my server when I try to manage it through Workgroup manager it does not appear.
    I have unbound it , removed it from both systems completely and even rebuilt it but it still does not appear in WGM.

    If your server is 10.6 and your client is 10.7 you'll have to add it manually to WGM
    via mac address.  10.7 clients don"t automatically appear in 10.6 server wgm

  • Cannot login with a account created with workgroup manager on local box

    Hi my name is richard and i recentgly acqquired from one of ,y friends a macbook pro with leopard 10.5.7 and I downloaded the server tools to it because workgroup manager gives me more control over user creation and the like.there are three issues that i am facing right now:
    1) I create an account for a user "VERONICA MARS" short name vmars with a password of apple. when I try to login using that account the login window just sits there and shakes its head at me like no no no wrong cridentials.
    2) using the same account vmars i try to reset her password using wgm and it says that it cannot reset the password.
    3) when i try to create the account it tells me that the home directory cannot be created.
    oh and heres a bonus one:
    most of the time in wgm it takes forever to get from one tab to the next and ill have to do a force quit to restore my mkac back to normal.
    if anyone can help with these issues please respond
    thanks in advanced
    richard johnson
    mac fan for life

    Please let us know the username of the account that is giving you trouble.

  • Unable to authenticate with diradmin in Workgroup Manager

    This has happened before, and I have no idea how it got fixed - too many independent variables...
    Anyway, I cannot authenticate the OD with diradmin even while using Workgroup Manager directly on the server.
    The setup:
    SLS 10.6.8
    Split-brained DNS
         Both public and private FQDNs are the same (myserver.mydomain.com). External DNS maps machine record to my static public IP address. Using an AirPort Extreme router, port fowarding services that I want open to the server. The router provides DHCP via NAT to the local network, with a fixed private IP assigned to the server. The server is running DNS with the same zones, machine records, services and aliases that the public IP DNS has, except mapped to the fixed private IP. DNS checks out with changeip, etc.
         The server is an OD master. Yesterday I exported it, demoted it, and restored it. All services (mail, web, etc.) seem to work fine (although I admit to not using Kerberos on AFP due to another issue).
         I have a wildcard certificate that is generated by GoDaddy (*.<mydomain>.com) which seems to work fine with the hosted websites.
    This is what the password service error log says when I try to log in with diradmin in Workgroup Manager:
    Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
    Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} authentication succeeded.
    Looks good to me. But I still get the "Information Not Valid for This Server" followed by stuff about invalid login ID or password.
    I did notice in the LDAP log:
    Jan 10 14:13:12 <myserver> slapd[52283]: SASL [conn=18] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Key table entry not found)
    And at the last bootup in the directory service error log:
    2012-01-10 08:52:03 EST - T[0x00007FFF7027ACC0] - DNSServiceProcessResult returned -65563
    The other thing I notice when I log into the library in Workgroup Manager FROM THE SERVER, even if I use the FQDN <myserver>.<mydomain>.com that Workgroup Manager says (in the title bar of the window) <myserver>.local.
    I have googled the various errors and messages, and I get folks with all sorts of variations ("change the binding options", etc.) none of which either applied or worked.
    Help?

    Continuing on my quest... I found this Technical note from Apple about re-kerberizing:
    http://support.apple.com/kb/HT3655
    Interestingly, in step 3 where it says to remove realm information from kdc.conf, there wasn't any of my realm information. Argh!
    So I completed all of the steps and executed the slapconfig command. This resulted in:
    bash-3.2# slapconfig -kerberize -f --allow_local_realm diradmin <MYREALM>
    diradmin's Password:
    Could not resolve hostname <MYDOMAIN>
    Skipping Kerberos configuration
    Sounds like a dreaded DNS problem. It had been working correctly, but changeip -checkhostname confirmed a problem. Turns out that there were EXTERNAL DNS servers in the Network preferences in System Preferences as well as on the router. With my Split-brained DNS this caused problems (thank you again MrHoffman). So I changed them both to my DNS server INTERNAL IP address and added the external ones to the Forwarder IP Address in DNS. Now checkhostname -changeip returns a favorable result.
    So after rebooting ran the slapconfig command again and got the same result. Argh. Cleared DNS caches. Still nothing.
    So I tried nslookup.
    nslookup <mydomain>
    Server:                    10.0.8.2
    Address:          10.0.8.2#53
    ** server can't find <mydomain>: SERVFAIL
    Where 10.0.8.2 is the fixed INTERNAL IP address.
    However, nslookup on using the fixed IP address yields:
    bash-3.2# nslookup 10.0.8.2
    Server:                    10.0.8.2
    Address:          10.0.8.2#53
    2.8.0.10.in-addr.arpa          name = <mydomain>.
    Scratching head here... changeip -checkhostname works, nslookup on the IP address works, but nslookup on the host name fails.

  • Open Directory - Unable to login Workgroup Manager

    I am unable to login to Workgroup Manager with my diradmin account.
    I know the password is correct.
    This is on Mac OS X Lion 10.7.2
    Everything was working fine last night, but then it stopped functioning.  I am able to see all the users, but they are greyed out.  When I try to login, I get "The login information is not valid for this server" 
    The LDAP log shows a bunch of the same errors that it did not show before.
    slapd[76]: SASL Failure: GSSAPI Error: Miscellaneous failure.
    Please advise.  Thank you.
    Samson

    Try logging in to Workgroup Manager using the local admin account not the diradmin account. If this works, then try accessing the /LDAPv3/127.0.0.1 choice using the diradmin account.

Maybe you are looking for

  • Importing existing flash video files??

    howdy quick question. if you import existing flash video files into an encore project, will this help reduce the final render time? or will encore rerender the existing flash video files? cheers angus

  • Trex Error 4950

    Hi All, I am installed the TREX7.1 sucesufully, after that i ran the script python Runinstallertest.py and it ran succesfully with returncode 000 and allservers are showing ok. I have configured a RFc connection to test system and rfc is working fine

  • Why does my firefox go to netherlands when I open up.I live in Tasmania. and always redirecting sites.

    I live in Australia and every time I try to open mozilla firefox.com it changes to nl. (netherlands) I type in a search and it redirects me. I dont think I have done anything for this to happen it automatically changed.

  • Clients do not "come back" after being locked

    I have a lab of iMac G5's and Intel iMac's. I have no local computer support as our school division went to all windows computers several years ago. I am the lone classroom (teaching Graphic Imaging Technology) in the division with Mac's. I don't kno

  • Do not know how to call Servlet from a JSP???

    How do I call a Servlet from a JSP page? I have an JSP page that does a few things but when there is an error I need the JSP page to call a Servlet but do not know how to do it. I want to call a ServletFaillogin from a JSP page how can I do it? <html