Maintaining a Consistent Environment in a Mac Lab
It is desirable to present each user with a consistent environment in a computer lab. That way, each time a user logs in they will be presented with the same desktop, dock, system preferences, etc. This is part of what is provided with products like Deep Freeze. This article details a system I've developed, and is based on work by Mike Bombich, which is no longer available on his site.
The first step is to set permissions so that your users can only modify specific locations, like their home directory. We also wanted to provide local storage for the users, so I have a 'StudentData' partition where users have full permissions. I used a separate partition instead of an unmanaged folder in the home directory so that the lab can be imaged without losing student work.
Additionally, the professors that teach in the lab wanted to provide some defense against students losing work by accidentally leaving it on the desktop instead of saving it in the 'StudentData' partition. We also have some accounts that we don't want to manage, like the administrator account.
My solution is a script that runs as a logout hook. When run as a logout hook, the current user is passed to the script as the first parameter. The script first checks that the current user is one we want to manage. If so, it moves that user's entire home directory to a timestamped folder in the 'StudentData' partition and moves a clean home directory into place from a template.
You can set an arbitrary script to run as a login/out hook in OS X via the command:
sudo defaults write com.apple.loginwindow Log[in|out]Hook /path/to/script
I recommend keeping the size of the template as small as possible. If it is very large there will be a noticeable delay at logout while the template is moved into place. That is also why I run it as a logout instead of login hook.
With this system in place, any changes one user makes to their environment will be undone at logout. Any shortcuts users remove from the Dock and any work they save to the desktop will be removed for the next user. This keeps the environment consistent across all computers in the lab.