Apple MAC OS X SERVER 10.4 DEPLOYING Manual
Mac OS X Server
Deploying Mac OS X
Computers for K–12 Education
For Version 10.4 or Later
Apple Computer, Inc.
© 2005 Apple Computer, Inc. All rights reserved.
The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid-for
support services.
Every effort has been made to ensure that the
information in this manual is accurate. Apple Computer,
Inc., is not responsible for printing or clerical errors.
Apple
1 Infinite Loop
Cupertino CA 95014-2084
www.apple.com
The Apple logo is a trademark of Apple Computer, Inc.,
registered in the U.S. and other countries. Use of the
“keyboard” Apple logo (Option-Shift-K) for commercial
purposes without the prior written consent of Apple
may constitute trademark infringement and unfair
competition in violation of federal and state laws.
Apple, the Apple logo, AppleTalk, Mac, and Macintosh
are trademarks of Apple Computer, Inc., registered in the
U.S. and other countries. Finder is a trademark of Apple
Computer, Inc.
Other company and product names mentioned herein
are trademarks of their respective companies. Mention
of third-party products is for informational purposes
only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with
regard to the performance or use of these products.
019-0545/10-03-2005
Contents
1
5 Deploying Mac OS X Computers for K–12 Education
5
Introduction
7
Centralized Information and Resources
7
Directory Services
9
Network-Visible Resources
11
Managing Student and Teacher Work Environments
12
13
15
16
17
17
19
20
20
20
21
21
22
22
23
23
27
28
29
30
30
32
47
47
49
54
54
The Power of Preferences
Levels of Control
Designing the Login Experience
Degrees of Permanence
Caching Preferences
Using Mobile Accounts
Using Images to Install Software and Start Up Computers
Simplifying Initial Computer Setup
Keeping Student Systems Up to Date
Refreshing Lab Systems
Deploying Images
Using Apple Software Restore to Deploy Network Install Disk Images
Using NetBoot Service to Deploy Network Install Images
Deploying Images Without Using a Network
Remote Administration
Student Work Environment Administration
System Image Administration
Day-to-Day Student Computer Administration
Introducing the Scenarios
Scenario 1: Using a Wired Lab or Classroom
Introducing the Scenario
Setting Up the Scenario
Scenario 2: Using One-to-One Mobile Computers
Introducing the Scenario
Setting Up the Scenario
Scenario 3: Using NetBoot in a Wired Lab
Introducing the Scenario
3
55
58
58
59
59
60
60
61
61
62
63
63
63
63
64
64
Setting Up the Scenario
Planning Your Own Mac OS X Deployment
Where to Start
Identifying Computer Management Goals
Determining Server and Storage Requirements
Assessing Imaging Requirements
Deciding Between Using Wired and Wireless Networks
Deploying Your School’s Network Within a District-Wide Network
Choosing Accounts Types for Your Users
Organizing User Information
Defining Groups
Defining Computer Lists
Defining Workgroup Access to Computers
Picking Preferences to Manage
Defining Shared Folders
Blank Forms
75 Glossary
4
Deploying Mac OS X Computers
1
for K–12 Education
Introduction
Deploying computers in a K–12 environment can be a technical challenge for many
schools. The need to bring in outside resources and alter curriculum plans to adapt to
technology has made deploying computers a chore. Mac OS X and Mac OS X Server
make adopting computer technology easier for K–12 staff and students.
Desktop and mobile computers running Mac OS X offer K–12 students a learning
environment that’s powerful yet simple to use and manage.
Computers running Mac OS X Server software offer K–12 administrators, technical staff,
and teachers a centralized way to manage student computers and provide students
with services, such as file and printer sharing, that promote educational goals.
The audience for this paper is the technology coordinators or the system
administrators who are tasked with configuring and deploying a set of computers for
use by staff, teachers, and students within a K-12 environment. The administrator
referred to in this document could be a full-time systems or network administrator
from the school district, a full-time or a part-time technology coordinator, or even a
teacher who works as a technology coordinator in the school.
5
This paper begins by highlighting some of the ways that Mac OS X and Mac OS X
Server streamline setting up student computer environments that offer day-to-day
support for specific classroom and lab activities and objectives:
Â
Centralized information and resources
(page 7). Administrators generally deploy
student computers either as systems that are shared by students, or as one-to-one
systems that are designated for use by a single student. Mac OS X Server provides
the tools for centrally managing student information and computer settings for both
deployment scenarios.
Â
Managing student work environments
(page 11). System administrators can simplify,
customize, and control the student computer environment that takes effect when a
student logs in. The login environment complements the learning context—for
example, biology class, a publishing lab, or first grade. And teachers and students are
able to exchange information electronically.
Â
Installing software and starting up computers over the network
(page 19). Initial
configuration of student systems is simple when you use a server-based NetBoot or
Network Install image. Student computers install or start up from the centralized
image, which can include particular applications and preconfigured desktop settings.
Â
Remote administration
(page 23). Graphical administration applications help K–12
staff set up and manage server and student computers remotely—while working
from their own computers.
Next, the paper focuses on three example scenarios, using a step-by-step approach to
illustrate ways to set up and manage various K–12 learning environments:
Â
Scenario 1: using a wired lab or classroom
(page 30). Students use desktop
computers that are connected to a local area network.
Â
Scenario 2: using one-to-one mobile computers
(page 47). Students use mobile
computers that they carry back and forth between home and school.
Â
Scenario 3: using NetBoot in a wired lab
(page 54). Students use a lab in which
desktop computers are refreshed to complement specific lab exercises.
A closing section (page 58) provides guidelines and tips for planning your own K–12
Mac OS X deployment.
6
Centralized Information and Resources
Mac OS X Server running on Macintosh computers is the key to managing students as
they move from room to room and from computer to computer. The server makes
directory services information, as well as home folders, shared folders, and other shared
resources, accessible throughout a school.
Mac OS X
Server
Group foldersApplications
AirPort Extreme
Base Station
English classroom Science lab
Homes
Accounts Preferences
Library
Directory Services
Directory services
application software use to access a repository of information about network users and
resources.
For example, when a student logs in to a Mac OS X computer, the login window uses
directory services to determine whether the student is a valid user. The login attempt
succeeds if the name and password the student types are found in the repository. Later,
if the student attempts to access a certain folder or application, directory services
information is used again, this time by the file system to determine whether the
student should be allowed to access files in that folder or launch that application.
are built-in services that the Mac OS X operating system and
Open Directory provides directory services on Mac OS X computers. The repository
used by Open Directory is referred to as a
Â
All Mac OS X computers have a built-in directory domain, known as the
directory domain,
or simply a
domain.
local
directory domain. It resides on every Mac OS X computer. It contains information
specific to a particular computer, such as the computer administrator’s name and
password.
7
Â
With Mac OS X Server, you can set up a
shared
Open Directory domain. The shared
directory domain resides on the server. Other computers access the shared directory
domain through the network, so this directory domain is also called a network
directory domain. It contains information you want many student computers to be
able to access. When you set up a shared directory domain, student computers find it
automatically, thanks to a few simple settings you make when you set up the student
computers.
Shared directory domains store many different kinds of information, but you need to
be acquainted with only a few of them when planning and implementing K–12
computer deployments: user accounts, group accounts, and computer lists.
User accounts Group accounts Computer lists
Anne
Multimedia students
Maria
Big computers
Mei
Chemistry students
Gita
Â
User accounts
. These accounts provide information about students, teachers, and
Library computers
other users of a school’s computers. Each student, teacher, and other user has a user
account, which contains such information as the user’s login name and password
and settings you make to customize the user’s work environment.
When a student has an account in a shared directory domain, he or she can use
different computers in various classrooms and labs and still experience the settings
that have been defined for that student in the student’s account. And you can
manage the account settings centrally. When you store an account locally, you can
only manage its settings by changing them on the computer itself.
Â
Group accounts
. These accounts represent collections of students, teachers, or other
staff with similar working or learning requirements. Examples include Advanced
Graphics, Teacher Prep, or Home Use.
8
While group accounts play a key role in controlling file system access to specific
folders and files, one of their main functions is to provide the ability to manage
group work environments. By defining preferences, you can set up group-specific
application access, shared folders, printers, systems settings, and so forth. Groups
with managed preferences are called
workgroups.
By using workgroups, you set up curriculum-specific or workflow-specific
environments. For example, a language arts workgroup may use a folder for
homework assignments and a hand-in folder for each project, and have access to
only the applications a teacher considers appropriate.
See page 11 for more information about defining preferences to manage work
environments.
Â
Computer lists
. Computer lists offer a way to manage collections of computers.
For example, you can use a computer list to reserve high-capacity computers for film
students who use Final Cut Pro. You’d assign film students to a group, then set up a
computer list for computers you want to reserve for that group’s use. A student who
is not a film student can’t log in to one of those computers.
Network-Visible Resources
You can use Mac OS X Server to make various resources visible throughout your school
network, so students can move from computer to computer and room to room and still
access them.
There are several key network-visible resources.
Â
Network home folder
home,
is a place for each Mac OS X user to keep personal files. Users with accounts in
. A
home folder,
often referred to as a
home directory
or simply
a shared directory domain may have home folders that reside on the network, often
on the same server where the user account resides. Users with accounts in a shared
directory domain may also have a home folder created on the local system. These
accounts are referred to as “mobile accounts.” For more information on mobile
accounts, see “Using Mobile Accounts” on page 17.
9
A home folder contains several other folders—such as Desktop, Documents, and
Public—to help organize information. After logging in, a user accesses his or her
network home folder by clicking the home icon in the Finder.
Â
Group folders
with the group. A
. When you set up a group account, you can associate a group folder
group folder
is a place for group members to exchange ideas and
research findings, and a place for teachers to hand out and collect materials and
assignments for the group. A group folder contains three folders by default—
Documents, Library, and Public. The Public folder contains a Drop Box folder, useful
for turning in assignments electronically. Group folders can be customized, as when
you want to use multiple hand-in (Drop Box) folders or other folders tailored to the
needs of the group. By customizing group folders, a teacher can manage the flow of
information to and from their students.
Residing on the server for easy access throughout the school, a group folder can be
shown in the Dock for easy network access—in the classroom, a lab, the library—
anywhere a student wants to work on group activities.
10
Â
Other shared folders
. Teachers can set up folders on the server to give students
access to applications, handouts, announcements, class schedules, and other
information. Using network-visible folders makes it easy to update student materials
and collect assignments from students.
Â
NetBoot and Network Install images
. You can use NetBoot images and Network
Install images located on the server to automate the setup of student computers.
A student’s computer can start up from a
you can use the same computer for a science lab when it starts up from one image
and for a French lab when it starts up from a different image. Each time a lab
computer restarts, the system reflects the original condition of the chosen NetBoot
image, regardless of what the previous student may have done on the computer.
A
Network Install image
it easy to deploy the operating system, additional applications, and even custom
computer settings, remotely and without user interactions.
Read more about this topic in “Using Images to Install Software and Start Up
Computers” on page 19.
automatically installs software on student computers, making
NetBoot image
stored on the server. In fact,
Managing Student and Teacher Work Environments
You manage student and teacher work environments by defining
Preferences are settings that customize and control students’ and teachers’ computer
experiences.
Workgroup Manager, which comes with Mac OS X Server, is the application you use to
manage accounts and their preferences. You can easily define user’s preferences by
using the Overview pane of Workgroup Manager’s Preferences.
preferences.
Many factors, including student grade levels, security issues, and curriculum needs,
determine what computer work environment a student should be presented with.
In some cases, setting up informal usage guidelines may be sufficient. In other cases,
extensively controlling the student computer experience, with each system setting
defined and locked and each application controlled, may be necessary. The preferences
you define implement system capabilities that best reflect your curriculum concerns.
11
The Power of Preferences
Many preferences, such as Dock and Finder preferences, are used to customize the
appearance of student desktops. For example, you can set up Dock preferences and
Finder preferences so that the work environment of younger students is dramatically
simplified.
Other preferences are used to manage what a student can access and control.
For example, you can set up Media Access preferences to prevent students from
burning CDs and DVDs or making changes to a computer’s internal disk.
Here’s a summary of how preferences affect the appearance or function of the
student’s desktop and the activities a student can perform:
Tailors the work
This preference
Applications x The applications a student can
Classic x Classic environment startup
Dock x The appearance and contents of
Energy Saver x Computer wake, sleep, startup, and
Finder x The appearance of desktop icons
Internet x Default email and web settings
Login x The login experience
Media Access x Ability to use recordable media
Mobility x The creation of mobile accounts
Network x The proxy settings for accessing
Printing x Which printers a student can use
Software Update x The updating of software
System Preferences x Which system preferences are
Universal Access x Hardware settings for students
environment
Limits access
and control
You can manage
open
the Dock
shutdown settings
and Finder elements
servers through a firewall
visible on the student’s computer
with special visual, auditory, or
other needs
12
You can also modify non-system preferences in the Details pane of Workgroup
Manager’s Preferences. You can also use this preference editor to modify additional
preference settings not listed in the Overview pane.
Levels of Control
You can define preferences for user accounts, group accounts, and computer lists.
A user whose account has preferences associated with it is referred to as a
user.
A computer assigned to a computer list with preferences defined is called a
managed computer.
A group with preferences defined is called a
workgroup.
Except for Energy Saver preferences, which can be defined only for computer lists,
you can manage preferences for users, workgroups, and computer lists.
 Printing, Applications, and some Dock preferences (items that appear in the Dock)
are additive.
For example, if you define printing preferences for users and computers, a student’s
printer list includes printers set up for both the student and the computer being
used.
 Other preference settings defined at more than one level may be overridden at login.
When a student logs in to a managed computer and selects a workgroup, user
preferences override redundant computer preferences, and computer preferences
override redundant workgroup preferences.
For example, you may want to prevent all students from using recording devices
attached to a school computer except for students who serve as lab assistants. You
could set up Media Access preferences for workgroups or computer lists to limit all
students’ access, but override these restrictions for lab assistants by using Media
Access settings at the user account level.
managed
13
Most of the time you’ll use workgroup-level and computer-level preferences.
 Workgroup preferences are most useful if you want to customize the work
environment (such as application visibility) for specific subjects and student levels,
or if you want to use group folders.
For example, a student may belong to a group called “Class of 2011” for administrative
purposes and to a workgroup called “Students” to limit application choices and
provide a group shared folder for turning in homework. Another workgroup may be
“Teacher Prep,” used to provide faculty members access to folders and applications
for their use only.
 Computer-level preferences are useful when you want to manage preferences for
students regardless of their workgroup associations. At the computer level, you
typically want to limit access to System Preferences, manage Energy Saver settings,
list particular users in the login window, and prevent saving files and applications to
removable media.
Computer preferences also offer a way to manage preferences of students who
don’t have a network account but who can log in to a Mac OS X computer using
a local account. (The local account, defined using the Accounts pane of System
Preferences, resides on the student’s computer.) You’d set up a computer list that
supports local-only accounts. Preferences associated with the computer list, and with
any workgroup a student selects after login, would then take effect. More about
managing the login experience appears next.
14
Designing the Login Experience
You can set up Login preferences for computer lists to control the appearance of the
login window. These login options
result in a login window that looks like this:
The first user is the local computer administrator. The next two are generic student and
teacher accounts that reside on the server. The last is a specific user who has a mobile
account, which you’ll learn about shortly.
15
To log in, a student selects his or her login name in the list, then types a password
when prompted. If the student belongs to more than one workgroup, a list of
workgroups appears so the student can select the environment of interest. Note that
it’s possible for a student to belong to a group that doesn’t appear in the list; only
workgroups (groups with managed preferences) are listed.
16
You can limit access to a computer to only specific workgroups. You can also enable to
local-only users to select any of those workgroups.
Any preferences that are associated with the student, the chosen workgroup, and the
computer being used take effect automatically.
Degrees of Permanence
When you define preferences, you can choose to manage them never, once, or always:
 Never does not manage preferences.
 Always causes the preferences to remain in effect until you change them on the
server.
 Once is available for most preferences. It causes the preferences to take effect when a
student first logs in after you’ve made the setting. But the student can override the
settings locally.
For example, you can set a student’s Dock to appear a certain way initially:
Because these preferences are managed once, the student can use the Dock pane in
System Preferences to reset these Dock display options. If you want to give students
this ability, make sure you don’t set up System Preferences preference settings that
prevent the student from accessing that preference locally. Also, remember that
some preference settings, such as Accounts and Date & Time, require knowledge of a
local administrator’s name and password.
The next time you change the student’s Dock Display preferences on the server, any
student settings are overridden by the new settings. If they are still being managed
once only, the student can once again override them.
Caching Preferences
Preferences are cached on Mac OS X computers, so they remain in effect even when
the computer is off the network:
 Computer preferences and preferences for any workgroups that can use the
computer are cached.
 User preferences and groups are also cached for users who have mobile accounts.
When a client computer is off the network, only users with local accounts or network
users with mobile accounts on that computer can log in.
Using Mobile Accounts
When your school uses computers dedicated for use by particular users, you can
manage those users’ work environment using a special kind of user account—a mobile
account. While mobile accounts are used primarily for students who are assigned a
portable computer for their own exclusive use, they can also be used to manage
dedicated teacher or staff desktop systems.
Mobile accounts combine some of the best features of both local and network
accounts. As with local accounts, users can access their accounts when disconnected
from the network. However, unlike local accounts, you can manage mobile account
preferences remotely and users can synchronize their local home folders with a
network home folder for access to their files from other computers.
17
In Mac OS X version 10.4, mobile accounts can have portable home directories.
A portable home directory is a synchronized subset of a user’s local and network home
folders. You can configure which folders to synchronize and how frequently to
synchronize them. By synchronizing key folders, a user can work on and off the
network and experience the same work environment. Since the user has a local home
folder, and only synchronizes periodically or at login and logout, the mobile account
reduces network traffic, expediting server connections for users who need to access the
server. Additionally, the computer locally caches temporary files. This improves both
network and individual computer performance because the user’s computers locally
cache files like web pages.
Mobile accounts also cache authentication information and managed preferences.
A user’s authentication information is maintained on the directory server, but cached
on the local computer. With cached authentication information, a user can log in using
the same user name and password, even if he or she is not connected to the network.
When a student has a mobile account, the student’s login name, password, and
preferences defined for the user account, workgroups, and computer are the same at
school and at home. If you change any of these items, the local versions are updated
the next time the user logs in at school.
To enable mobile accounts, define Mobility preferences for a network user account,
workgroup, or computer list.
18
Like other preferences, the Mobility preference has a scope that depends on the level
at which it’s set:
 If the Mobility preference is set for a user account, the student gets a mobile account
on any computer he or she logs into.
 If the Mobility preference is set for a workgroup, any network user who picks the
workgroup at login gets a mobile account unless he or she already has one on the
computer.
 If the Mobility preference is set for a computer list, any network user who logs in to a
managed computer gets a mobile account on that computer.
These methods offer considerable flexibility. For example, you might create a computer
list for teacher desktops, iBooks, and graphics lab computers with the mobile account
preference active. When any user logs in to one of those systems, a mobile account and
local home folder are created for that user. On the other hand, you can set the mobile
account preference to be active only for a select set of user accounts, so any computer
those users log in to will have a mobile account and local home folder for the users.
Using Images to Install Software and Start Up Computers
The key to fast initial setup of student and teacher computers and rapid refresh of lab
computers is the use of Network Install package install and disk images, and NetBoot
images that reside on the Mac OS X Server system. Computers start up using those
images automatically.
Mac OS X
Network Install
images
NetBoot
images
Server
Clients using Network Install or NetBoot images
You use Network Install package install images when you want to install software on
computers. You use Network Install disk images to refresh a computer once. You use
NetBoot images when you want student computer environments to be refreshed every
time the computer is started.
Using a network-based NetBoot image provides many advantages over starting up
from a local hard drive:
 From the user’s perspective, the NetBoot image is locked. It can’t be accidentally or
maliciously damaged. In a training lab where students may make mistakes or in a
computer science class where system protection can’t be used because of
programming tool needs, you can use a NetBoot image to restore computers to their
original state after each use. No matter what a student does while on the system,
the image returns to the original condition at each startup.
19
 A network administrator who needs to perform maintenance doesn’t need to carry a
case full of diagnostic CDs. Instead, he or she can start up a system using a network
image that contains all of the diagnostic and repair tools.
 Multiple images can be provided on the network from a single server, and multiple
servers can provide a single image for optimum throughput.
The server can host as many as 25 different images, so you can maintain a collection
of customized software configurations for different workgroups and computers.
For example, one image can be used for installing the latest applications needed by
particular students, and another image can be used for starting up computers in
particular classrooms or labs.
The system imaging and software update administration guide provides full details
about using System Image Utility to create images.
Simplifying Initial Computer Setup
Setting up computers individually from installation media is a time-consuming activity
that requires the presence and supervision of the network administrator. Instead, you
can create a Network Install disk image to automate the installation and initial setup of
computers.
For every type of computer, you need to set up only one prototype computer, test it to
make sure it works as intended, then clone the system into a Network Install image
stored on the server. You remotely identify which computers you want to use the
image, and the computers automatically discover it and install its contents onto their
hard drive.
20
The prototype computer should have the same hardware configuration as the
computers you are deploying. Create multiple images as needed, based on user type
and computer usage—for example, you might want individual images for students
with iBooks and teachers with iMacs, or for AV labs and for library kiosks.
Keeping Student Systems Up to Date
Network Install is also useful when you need to update the operating system on
student computers or upgrade their applications.
You make an package install image that contains only the new software and set
student computers to start up to this updater image. The computers then install the
package install image, and restart to normal operation.
Refreshing Lab Systems
Lab computers are easy to refresh when they start up using NetBoot images that reside
on Mac OS X Server instead of using software stored on their own hard drives.
You can use NetBoot images to reset computers to a clean, known state for each
new student who uses them. They make it easy to use the same computer for a science
lab, a graphics lab—any environment that you want to customize for the duration of
the lab.
You can use the local hard drive for certain classes but make it unavailable for other
classes, such as in a lab dedicated to adminstering exams. If you require total control of
the NetBoot image, you can use NetBoot in diskless mode. Diskless mode prevents
viewing or modifying a lab computer’s hard drive after starting up, and prevents data
from being stored, even temporarily, on it.
Deploying Images
When you deploy images onto computers, choose a method that will work in your
environment. If your computers are connected through a wired network, you have
many deployment options. In a wired network, you can use Apple Software Restore
(ASR) to deploy Network Install disk images. You can use NetBoot service to deploy
Network Install disk and package install images. If your computers are not connected to
a wired network, you can only deploy images using FireWire drives or DVD install
images. If your computers are not connected through a wired network, consider
temporarily connecting them to a wired network so that you can quickly deploy
images on all of them.
You use NetBoot service to deploy NetBoot images.
Using Apple Software Restore to Deploy Network Install Disk Images
Apple Software Restore (ASR) can run on any computer with Mac OS X version 10.4 or
later installed. Apple Software Restore can deploy disk images that were created using
the Network Install pane of System Image Utility or by using Disk Utility. Apple
Software Restore can be much more efficient than using NetBoot service to deploy disk
images, especially when refreshing computers simultaneously.
You can configure Apple Software Restore to continually send out a stream of
networking data over the network. This is called multicast ASR. Multiple computers can
connect to this stream of data simultaneously. Computers can connect to the same
stream of data at any time. Since all computers are refreshed using the same stream of
data, and not a separate stream for each computer, the server and the network are not
as heavily strained as when deploying with NetBoot service.
It is possible to overload the network when using a multicast ASR server, reducing
available bandwidth for other services. If you improperly configure the Apple Software
Restore data rate option, it can create a denial of service situation. asr is a commandline tool; for more information on asr options, see the asr man page.
21
Using NetBoot Service to Deploy Network Install Images
You can use NetBoot service to deploy Network Install disk and package install images.
Use Server Admin to configure NetBoot service.
When choosing between using disk images or package install images, choose based on
if you are deploying to many different kinds of computers. Disk images require that the
image be based on a prototype computer of the same model and hardware
configuration of those that the image will be deployed on. For example, your iBooks
and iMacs would require separate images, one for each computer model.
The key advantage to using disk images is that it takes much less time than using
package install images to refresh individual systems. There are also options available to
make deployed images unique. The biggest disadvantage of using NetBoot service for
deploying disk images is that unlike Apple Software Restore, it can heavily reduce your
available network bandwidth if you are deploying many images simultaneously.
Unlike disk images, package install images do not require using a prototype computer
to create the image. You can create the package install image using the original
Mac OS X installer discs and any additional packages for custom software. This allows
you to install packages on any computer regardless of the hardware type. To customize
systems after using package install images, you might have to run post-installation
scripts. Deploying package install images is also much slower than deploying disk
images through Apple Software Restore or NetBoot service.
22
For more information on using NetBoot service to deploy Network Install disk images
and package installs, see the system imaging and software update administration
guide.
Deploying Images Without Using a Network
Deploying images by using FireWire drives is a slow process that requires you to
connect a FireWire drive to every deployed computer. The FireWire drive will include
Disk Utility so you can restore the FireWire volume. If you have a limited number of
FireWire drives, you have to wait for computers to complete installation before you can
reuse those FireWire drives. Although this is a slow process, it takes less time than
using a DVD for a single computer.
Using DVDs to deploy images is cheaper than using multiple FireWire drives. For a
single computer, using a DVD takes longer to refresh a system than using a FireWire
drive. It also takes longer to burn a DVD than to copy to a FireWire drive. Because DVDs
are cheaper to produce, you can deploy more images simultaneously. When creating a
prototype image for a DVD distribution, the prototype image’s size is limited to
approximately 2.2 gigabytes. This limitation is because you must also be able to start
up using the DVD.
Remote Administration
Mac OS X Server administration software is designed to be run remotely, across large
and small networks. Administrators don’t need physical access to a server to change
user, group, and computer settings.
This section surveys the applications you use to manage accounts, preferences, sharing,
and system imaging, and to provide day-to-day student support.
Student Work Environment Administration
You can use Workgroup Manager to configure sharing. With sharing, you can set up
folders containing files and applications so students can access them from anywhere
on the school network.
To work with a particular kind of account, click Accounts in the Workgroup Manager
toolbar and select the user, group, or computer list on the left side of the window.
Here, the user account list has been selected and settings for a student named Math
Student are displayed. Click buttons on the right to work with particular kinds of
settings—Groups to add the user to a group, Home to specify where you want his or
her home folder to reside, and so forth.
Notice the small globe just below the toolbar. It’s used to choose the directory
whose accounts you want to work with. Here, the directory being worked with is a
shared Open Directory domain that resides on the server where Workgroup Manager
is being used.
23
You can use group account settings to identify or remove group members and set up a
group folder for the group.
24
Loading...