Strategies for School Account Management
Novell Cool Solutions: Tip
Digg This -
Posted: 8 Sep 2004
A reader recently contributed an interesting strategy for setting up and maintaining school accounts for elementary and secondary students ...
School Account Management Strategy
Here's what we do in our system (21 sites, 14,000 students):
Staff members are all assigned individually named accounts with the usual things like home directories, etc. These accounts are created in a separate OU.
Elementary students have a generic account created with sufficient access to run any required server-based applications (reading software, etc.). Generally, no password is required for this account, and the computers normally used by students (labs, etc) are set up to auto-login using this account - just turn them on and teach. This also handles any guest access needs.
A home directory is created for each user and usually placed within the directory structure most often used by that account (reading software, for example). The account has no S or A right to home directory. Inside the home directory, sub-directories are created - one for each teacher - and each teacher is assigned RWCEMF to their subdirectory. This way, students do not have to mess with floppies (usually too small for PowerPoint and other files they are creating) or save files to the local hard drive (we run W2K and XP under Limited User licenses in the labs). Students save files to the generic user home directory, placing them within the teacher's subdirectory, and teachers are able to collect the work for evaluation. Size limits are placed on the subdirectories, so it's up to staff members to keep their space cleaned up. Very little work is required to clean up at the end of a school year and have all systems ready to start school again.
Secondary students are assigned individual accounts but are not able to change their password until 10th grade. They have individual home directories with space caps, and these home directories are created within a separate directory structure on the server. Student accounts are generated within a separate OU. These are not recognizably named accounts, as account names are created by using JRBimport (from JRB Utils) to import username/password pairs that have been randomly generated. These key pairs are stored in an Excel spreadsheet placed in a directory where only staff members have access, for assigning accounts at beginning of school year.
At the end of the school year we simply delete all the student home directories and delete all accounts within the Student OU., then we're ready to re-import the account list at the start of the new year.
Remember, schools are a much more dynamic DS environment than most businesses. You'll want to design so that the most frequently changing items, like student accounts and their files, can be quickly and cleanly flushed from the system as needed.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com