WGM Addendum
| Workgroup Manager Addendum is an application for 10.4 servers (it does not work on 10.3). It is designed to perform three major functions that Workgroup Manager doesn't, but that many System Administrators need. Repair - Repairs permissions on user homes. This is based on RUP (below), but has some additional options. Distribute - this will copy preferences or other items to designated folders within each user's home directory. This is excellent for copying preference files that aren't manageable by WGM. *NEW in version 0.5 - will now distribute items to the System's User Template so that they will be posted to new users as well. Delete - this will delete cache files, empty trash, or delete files of your choosing for each user. WGM Addendum is designed to work on sharepoints that are configured as Network Mounts (automounts), that is Home folders that automatically mount at login. These are generally set up in all Open Directory deployments. If you are using Active Directory or some other Directory Service that doesn't employ automounts, but you would like to have the features of WGM Addendum available to you, drop me an email (wgma@twomblys.com). |
 Download |
WGM Addendum is designed to be run on a Mac OS X 10.4 Server or higher. It's functions are largely explained by the Graphical User Interface. The license for it's use is included and must be agreed to before use. The license is very strict and requires a complete backup and plan for restoring for each system upon which the software is run.
WGM Addendum relies entirely on your pre-populated directory or directories. To view which directories will be accessed look in the configuration of "/Applications/Utilities/Directory Access". Due to the reliance of WGM Addendum on said directories, any miss-configuration or configuration outside of Apple recommendation may result in difficulties with WGM Addendum performing it's function(s). Since WGM Addendum must run with root privileges these difficulties may include catastrophic system failure - USER BE WARNED!
Explanation of how WGM Addendum works:
Unlike Workgroup Manager, WGM Addendum runs only on the local machine. If you would like to run it remotely, let me know (wgm@twomblys.com), I'll consider adding it to a future release.
WGM Addendum uses the NFSHomeDirectory attribute to find a user's home on the system. Except when repairing folders located in /Users under the Repair tab, WGM Addendum looks for "/Network/" in the NFSHomeDirectory attribute, then compares the FQDN (fully qualified DNS name), also within the NFSHomeDirectory attribute, with the global variable $HOSTNAME. If they are the same then WGM Addendum™ checks to see if the path exists. If it does, then WGM Addendum performs the requested action on that path.
If you have DNS errors, such that your $HOSTNAME variable is not correct, or was not correct at the time of setting up your home folder network mounts WGM Addendum™ will not work as designed.
Repair
This was the original intended purpose for WGM Addendum. Frequently during upgrades or reinstalls, home directories have to be copied from one drive to another, users have to be reimported with different uids, etc. What so often happens is, home directory permissions become mismatched and users no longer have access to their home folders.
The most common use of this function is already selected by default. If you simply want to repair the permissions for home folders on your server that are configured under an automount, put in your root password and click "Repair Now".
By selecting the check box for "Repair Homes in /Users" you can repair permissions on a client workstation - this is the only function of WGM Addendum that is designed to work on either servers or clients.
You can also modify the default permissions in the "Options" section.
Disallowing modification of the top level of the home directory will prevent users from creating additional folders at the level where any other user of the system has read access.
Changing the default group from "staff" to something like teachers or admin can be useful for system administration - use caution here because anyone who has access to this group may have access to what the users of your system consider private. Also note: the advent of ACLs in 10.4.3 provide another and perhaps more easily managed method of providing access to files/folders based on group.
Distribute
The Distribute feature allows you to copy an item or folder of your choice to a specific location within each user's home folder. This is very useful for copying preferences that may not be manageable using Workgroup Manager. Copying items to the Desktop or Documents folder for each user be useful as well, although it may be better to consider setting up a templates share point that all users have access to, simply because you won't use as much space.
When copying something to a custom location be sure not to use a leading "/". This will not work correctly. If you wanted to copy something to every iTunes folder within Music for instance, simply type Music/iTunes - /Music/iTunes will not work.
Notice the "Copy to /System/Library/User Template" checkbox. This is the template for new users. So, if you want a preference for all existing and future users, you will want to check this. However, due to the way this template is distributed, locked files will be unlocked and modifiable when new users are created.
Delete
Originally, I thought of this as being useful primarily when space is running low on a server or drive. However, it is also useful for deleting errant preferences. For instance if you are having problems with autosave in Microsoft Office, you can configure a set of preferences with autosave disabled, then you can delete the Microsoft preferences from every Library/Preferences folder and use the Distribute feature to copy out a set of corrected preferences.
Note: - This software is still being tested. Use according to the terms of the license agreement included. It is currently at version 0.5 which means that I consider it to be beta software. I have done extensive testing on a limited set of users and servers with good results. However, my testing has not been exhaustive. Please let me know if you use the software and how well it works for you (wgma@twomblys.com). I am not charging a license fee for WGM Addendum, but if you find it useful, functional, time-saving, etc., and would like to send me a tip, click here.