Sunday, 19 February 2012

How to create groups and assign users in Lion Server

Takeaway: The basic steps of creating groups in Mac Lion Server and assigning users based on the groups.

Once user accounts are created in Mac OS X Lion Server, administration is simplified by assigning users to groups. Using groups, permissions and rights can be granted to entire collections of users, such as by department, instead of to individual user accounts.

How to create a group

Mac administrators can create groups by following these steps:
  1. Open the Server app.
  2. Click Groups.
  3. Click the + icon. The New Group window will appear.
  4. Provide the group name in the Full Name field.
  5. Enter the Account Name.
  6. Click the Done button.
Once groups are created, they appear within the Groups window. Groups can be deleted by highlighting the respective group and clicking the - icon.

How to assign a user to a group

With a group or groups created, Mac administrators can follow these steps to assign users to a group:
  1. Open the Server app.
  2. Click Groups.
  3. Double-click a group.
  4. Click the + icon.
  5. Enter the user name you wish to add to the group.
  6. Click the + icon to add additional users.
  7. Repeat the process until all appropriate users have been added to the group.
  8. Click the Done button.
Another method of adding users to a group is to enter the group selections from the user account. Mac administrators can add individual users to groups by following these steps:
  1. Open the Server app.
  2. Click Users.
  3. Double-click the user account for which group permissions are to be assigned.
  4. Click the + icon.
  5. Within the Groups window enter the name of the group to which you wish to assign the user.
  6. Click the + icon and enter another group name if multiple group selections are required, repeating until done.
  7. Click the Done button.

Make a group a member of another group

When necessary, groups can be made members of other groups. For example, maybe separate permissions need to be provided to select executive members of an HR group. To assign a group to another group:
  1. Open the Server app.
  2. Click Groups.
  3. Double-click the group you wish to assign permissions for another group.
  4. Click the + icon.
  5. Enter the name of the group to which you wish to provide the current group membership.
  6. Click the + icon and repeat the process if additional group memberships apply.
  7. Click the Done button.

Friday, 17 February 2012

How to create users in Mac OS X Lion Server

 Takeaway: Steps to create user accounts in Mac Lion Server, using both the Server app and Workgroup Manager.

You won’t find the Active Directory Users and Groups console in Mac OS X Lion Server. Instead, Mac administrators typically use the simplified Server app to create and administer user accounts on Lion servers.
For the purposes of this tutorial, I will review creating local user accounts. On Lion systems, local accounts enable a user to log in to the local system to access files, shares, services and other resources present on that system; local accounts cannot be used to log in to another computer upon which the same local user account isn’t already present. However, Lion users can log in to other systems using those systems’ local accounts and leverage local accounts configured on the server to access that server’s resources.

Create user accounts using the new Server app

Within Lion’s Server app, highlight Users in the left-hand console, then click the + icon within the Users window. The New User window will appear. Enter the user’s full name (usually the user’s complete first and last names using proper capitalization and spacing), account name (an abbreviated name), email address and password (which must be entered twice). Check the Allow user to administer this server box only if you wish for the new user account to possess administration privileges, otherwise leave it unchecked.
Because the Account Name is difficult to change, review it carefully before creating the user account. The Account Name is a shortened name that is usually composed of letters, numbers and/or an underscore, hyphen and/or period. Note that, in Mac OS X Lion, users can authenticate or log in using the values supplied either in the Full Name or Account Name fields within the New User window.
Lion administrators can access a user’s additional settings by right-clicking the new user account and selecting Advanced Options. The user account’s User ID, group memberships, Account Name, aliases and login shell and home directory appear. Settings can be modified but errors can prevent users from even logging in, so be sure to administer edits carefully.

Create new user accounts using Workgroup Manager

Lion administrators can also create new users using Workgroup Manager. To do so, open Launchpad, select the Server folder and choose Workgroup Manager. Enter the host name and administrator username and password within the resulting Workgroup Manager Connect window, then click Connect.
Next, click OK to close the directory node message. Then click the Accounts icon, followed by the New User toolbar icon. Click OK to acknowledge that users may not receive services access if service access control lists are in use, in which case services must later be individually configured for users.
Proceed by entering the new user information, leaving other default settings per Apple’s recommendations. Ensure you don’t provide the new user with administrator privileges unless you intend to do so, then click Save.
Note that, when creating new users within Workgroup Manager, new user accounts aren’t automatically added to the Workgroup group. User accounts created using the Server app, however, are automatically added to the Workgroup group.
