User Configuration > Policies > Centrify Settings > Mac OS X Settings > Mobility Settings > Legacy Settings > Enable/disable synchronization
Create mobile accounts for users automatically and synchronize mobile accounts for offline use. If you enable this policy, a mobile account is created the next time the user logs into the network account.
Check the Create mobile account even if user does not have a network home directory option to create mobile accounts automatically for users the next time they log in to the Mac. This applies to all users, including users who do not have a network home directory.
Check the Require confirmation before creating a mobile account option if you want the user to be prompted to confirm the creation of the mobile account.
Check Encrypt contents with FileVault to encrypt the mobile home directory using the Mac FileVault system.
Note: FileVault protection can only be applied when a new mobile user is created at login. FileVault protection cannot encrypt an existing mobile-user home directory.
Select one of the computer master password options. The computer master password is a safety feature that allows you to unlock the FileVault disk image if the Active Directory user forgets their password:
- Use computer master password, if available — With this option checked, the mobile account will be created and FileVault protection applied whether or not a computer master password is available.
- Require computer master password — With this option checked, the mobile user account will only be created if a master password is available for the computer.
You can create a master password by clicking: System Preferences > Security > FileVault > Set Master Password.
This group policy corresponds to settings you make by opening Mobility preferences, then clicking the Synchronization pane in the Workgroup Manager.
Once enabled, this group policy takes effect when users log out and log back in.