Applies to: All versions of Centrify DirectControl on Mac OS X
The "Folder Redirection" group policies stop working after a reboot, and the redirection actions at logout time do not work at all.
Is there any reason for this?
This was because the entire ~/Library folder was being redirected to /tmp, which is strongly against recommendations.
Unlike other UNIX systems, OS X deletes everything in the /tmp folder after rebooting. The correct way is to redirect ~/Library/caches to /tmp instead.
The Centrify Admin Guide for Mac OS X advises redirecting ~/Library/caches to /tmp/%@/Library/caches, because ~/Library/caches is only needed for current session data. (The agent automatically replaces the "%@" placeholder with the username of the currently logged-in user.)
If the folder is redirected to a sub-folder of /tmp, then the sub-folder will be created automatically.
If the folder is redirected to a folder outside /tmp, then the user must have write permissions at the target location.
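A check for the redirections described above, as an added example (not code from Centrify or the Admin Guide): it expands the "%@" placeholder and classifies a redirected folder by where its symlink points. The function names and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the Centrify guide. Function names and result
# labels are hypothetical.

# expand_target TEMPLATE USER: replace every "%@" with the user name, as the
# agent is described as doing. Assumes USER contains no '|', '&' or '\'.
expand_target() {
    printf '%s\n' "$1" | sed "s|%@|$2|g"
}

# classify_redirect HOME REL: report where the symlink HOME/REL points.
classify_redirect() {
    link="$1/$2"
    if [ ! -L "$link" ]; then
        echo "not-redirected"
        return 0
    fi
    target=$(readlink "$link")
    case "$target" in
        /tmp/*|/private/tmp/*)      # /tmp is a symlink to /private/tmp on OS X
            case "$2" in
                # Cache data is only needed for the current session.
                Library/[Cc]aches) echo "session-data-in-tmp" ;;
                # Anything else under /tmp is deleted at the next reboot.
                *)                 echo "lost-on-reboot" ;;
            esac ;;
        *)
            # Outside /tmp the target must be writable by the user;
            # -w tests the account running this script.
            if [ -w "$target" ]; then
                echo "outside-tmp-writable"
            else
                echo "outside-tmp-not-writable"
            fi ;;
    esac
}

# Demo with a constructed user name; prints /tmp/jdoe/Library/caches
expand_target '/tmp/%@/Library/caches' jdoe
# Usage on a real account: classify_redirect "$HOME" Library/Caches
```

Run it as the affected user so that the write-permission test reflects that user's access.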
Restoring the redirected folder at logout will not work: the system can redirect a network folder to a local folder at login, but cannot then set it back at logout time (i.e. restoring the redirection symlink back to a regular folder on the network share at logout).
This is an Apple bug, as the same behaviour can also be found using the built-in Apple AD plugin (Apple bug #6572029).
At the time of writing, the restore section of the "Delete symbolic link, and restore" GP is broken due to this Apple bug.
Further reading on Folder Redirection, including the usage of the "%@" syntax, can be found on page 154 of the Centrify Admin Guide for Mac OS X: