Monday, April 2, 2007

Mac OS X: Mobile Accounts

Over this past week, spring break in my district, we prepared over 130 MacBooks for deployment in our two middle schools, Hinsdale Middle School and Clarendon Hills Middle School. The idea, of course, is to give our teachers the ability to use advanced technologies in the classroom while making it more convenient for them to do the preparation and grading required to maintain that classroom. We made the decision to provide our elementary school teachers with an Intel iMac in the classroom (in addition to the 3 G3 iMacs and 5 G4 iBooks for students), and the MacBooks for the middle school teachers. I was not a part of this decision-making process; it was before my time. To me, though, the purpose of providing the teachers with a MacBook instead of an iMac is to allow them to take their work home, or at least out of the classroom environment.

Management of notebook accounts is a little more difficult than that of the typical user account. To create a managed environment for the user and maintain the integrity of your network, you are faced with three options: Local User Accounts, Standard Managed Accounts, and Mobile Accounts.

Local User Accounts

The local user account option is the standard laptop setup that most people use. It consists of an account stored locally on the computer, with all of the user's data kept on the computer's internal hard drive. This solution is far from ideal in a number of ways. First and foremost, the user can only access their data from that particular laptop and not from any other computer on the network. Should some component of that laptop fail, like the hard disk, the user can easily lose all their information, or at least lose access to it while the machine is being repaired. Of course the information can be backed up to an external source, but unless that process is simple and seamless to the end user you will likely not have much success. Either the user will fail to back up, or you and your staff will have to back up each computer personally.

The other downside to local user accounts is a loss of control over that system. By operating the computer completely separate from your network, you surrender a lot of the control that you have over the security, integrity, and stability of the client. By not managing that account, you are forced to either give that user administrative access or risk their being unable to control vital functionality on their machine, such as adding access to their home printers.

Standard Managed Accounts

A standard managed account is what you will typically have for any user on your network, be it students, teachers, employees, or clients. In this layout your user can log into their account from any computer on your network and access their files, and you have complete control over the user experience, limiting everything from the software they access to the system preferences they can modify. This system also has built-in protection of the user's data, since the data is not tied to any one machine or component that can fail. Unfortunately, for a notebook this limits portability. Of course, if your intention is for the machine to be used only on your network, like a student machine for the library or classroom, this may still work. However, in a situation where you want your user to be able to leave the confines of your network, this either leaves the machine crippled or forces you to create a local user account for use at home. Creating a local account for home use sort of defeats the purpose of the network accounts. Your users will eventually start using only the local accounts because those work both on and off the network, again defeating the whole purpose of a managed account.

Mobile Accounts

A mobile account refers to an account is The account is fully managed, offering all of the benefits above, but adds active syncing between the user's local machine and the network. Setup is rather simple: just turn on the mobility features in Workgroup Manager. Then, every time the user connects to your network, the local and network accounts are synced automatically, providing both an automatic backup and the ideal mobility situation. You can still manage their accounts and control their access and privileges while allowing them to access their information off the network. This functionality is built into Mac OS X 10.4 Server, and I expect, like everything else, to see major performance and functionality improvements in Leopard.

After much discussion our district chose the obvious option of mobile accounts, and we begin rolling them out tomorrow. I will be making follow-up posts discussing any problems or challenges that we face in the coming week.


  1. Noé Rodríguez said...
    Hi dude!

    I'm in trouble. I'm responsible for the management of 300 Macs, and we need to put all the machines in one Active Directory. The problem is that when I manipulate the User Template for the Mobile Accounts, it just keeps some of my settings; special settings like Simple Finder just disappear. So, what can I do to have all the access to the account?
    Kent said...
    I have a Mac tech question for you. How can I contact you?
    Jeff Johnson said...
    How are mobile accounts working out for you and your teachers?

    Glendale, WI
