Centrify DirectControl for Mac OS XQuestion:
Each time a new AD user logs into a Mac, the Spotlight feature searches through their home folder and stores the index locally on the machine.
For users who have been configured with network home folders, this may cause excessive network activity and performance degradation - especially if their home folders are large in size.
Is there a way to disable the Spotlight function in OS X via Group Policy?Answer:Option 1: To disable Spotlight on all volumes on the Mac systems:
Option 2: To disable Spotlight on just the user's home folders:
- Enable the following Group Policy:
- User Configuration / Centrify Settings / Common UNIX Settings / "Specify commands to run"
- Add the following command to this GP:
- The next time the user logs in (or at the next GP refresh interval), Spotlight will be disabled on the Mac.
- Create a login script with the following lines:
- mdutil -i off ~/
- (Or just use the one attached at the end of this KB)
- Save the script to the following folder on the AD server:
- \\ [domain] \SYSVOL\ [domain] \scripts\
- Set up the Login Script GP at:
- User Configuration / Centrify Settings / Mac OS X Settings / Scripts / "Specify multiple login scripts"
- Enter the filename of the script only: disable_user_spotlight.sh (If using the attached example)
- The "Parameters" field can be left blank.
- Note: Do NOT use the "Specify login script" GP for this script as it needs to be run within the user context.
- The setting will take effect the next time the user logs out and logs back in.
For further detail on the mdutil
command used in this KB, see the following Apple documentation: