MAC Books in Enterprise
#1
Scooby Regular
Thread Starter
MAC Books in Enterprise
Gents do any of you have real work experience of adding or testing MAC Books in Enterprise.
My Client is circa 160,000 users, and im standing in as IT Manager for 6 months and one of my fun tasks when i get time is looking at MACs and integration, as your aware they dont really integrate very well with Active Directory and adhere to all the policies, agents that a normal Domain chucks as a normal windows laptop, so i wanted to know what 3rd party products you can run to get this integration. Ive read that you can do the following
1. Use AD as the authentication method to login to the MAC, what do i need to do this.
2. An addon to accept domain policies, what is this ?
I know there are SCCM 2012 and SCOM addins to manage MACs.
Anybody any more input i can test
My 2 new spangly Retina macs will ariive this morning and i have 3 tasks
Boot Camp it and Bit locker the drive, this should work as Windows wont see the IOS partition
Run VMware in IOS and section it off, Unsure what i can get with this but gonna test
and lastly the true single IOS login that complies with security.
Thanks
Ted
My Client is circa 160,000 users, and im standing in as IT Manager for 6 months and one of my fun tasks when i get time is looking at MACs and integration, as your aware they dont really integrate very well with Active Directory and adhere to all the policies, agents that a normal Domain chucks as a normal windows laptop, so i wanted to know what 3rd party products you can run to get this integration. Ive read that you can do the following
1. Use AD as the authentication method to login to the MAC, what do i need to do this.
2. An addon to accept domain policies, what is this ?
I know there are SCCM 2012 and SCOM addins to manage MACs.
Anybody any more input i can test
My 2 new spangly Retina macs will ariive this morning and i have 3 tasks
Boot Camp it and Bit locker the drive, this should work as Windows wont see the IOS partition
Run VMware in IOS and section it off, Unsure what i can get with this but gonna test
and lastly the true single IOS login that complies with security.
Thanks
Ted
#2
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Ted,
Three to five years ago I would have said to use MacAdministrator, but alas it is no more as of Feb 2010 (I was technical manager for Hi Resolution who created MA) I do have knowledge of getting Macs to talk to various things.
So, Golden Triangle is one way.Basically, OS X sever is setup to be bound to AD, then you have your mac clients authenticate to that OS X server. That's the authentication part sorted. As for domain policies, well, depends what you want to do exactly. If you want mac desktop lockdown, for example, what system pref panes can be accessed, what apps can be run, then look at the "Preferences" part of OS X server in Workgroup manager. You can apply settings on a user and computer basis, and I also think a group (machine and user) basis too.
Groups will be coming from AD, so they can match up, not sure about lists of machines.
You could also look at the ADmit Mac product and see if that helps.
If you're getting into imaging of machines, there are things like Casper and deploystudio you can look at, as well as freware instadmg (think slipstreaming but for mac.
Am happy to answer any questions about this stuff, and may be able to put you in touch with someone who does a similar thing in a corporate environment, best if you PM me about that.
Three to five years ago I would have said to use MacAdministrator, but alas it is no more as of Feb 2010 (I was technical manager for Hi Resolution who created MA) I do have knowledge of getting Macs to talk to various things.
So, Golden Triangle is one way.Basically, OS X sever is setup to be bound to AD, then you have your mac clients authenticate to that OS X server. That's the authentication part sorted. As for domain policies, well, depends what you want to do exactly. If you want mac desktop lockdown, for example, what system pref panes can be accessed, what apps can be run, then look at the "Preferences" part of OS X server in Workgroup manager. You can apply settings on a user and computer basis, and I also think a group (machine and user) basis too.
Groups will be coming from AD, so they can match up, not sure about lists of machines.
You could also look at the ADmit Mac product and see if that helps.
If you're getting into imaging of machines, there are things like Casper and deploystudio you can look at, as well as freware instadmg (think slipstreaming but for mac.
Am happy to answer any questions about this stuff, and may be able to put you in touch with someone who does a similar thing in a corporate environment, best if you PM me about that.
Last edited by Markus; 10 July 2012 at 05:16 PM.
#3
Scooby Regular
Thread Starter
Thanks Markus good post, i was expecting the macs today but only the imacs came so i never got anywhere. I,ll look at your comments and test some watch for some pms, i wont be starting till aug 1st due to holiday this saturday yehaaa.
But as for policies, i suppose the easier stuff, like drive mappings proxy settings etc should be ok, maybe a screensaver lockout
One thing i forgot to ask, what encryption do macs have thats like bitlocker or checkpoint is ther anything to do the disks.
Thanks again maty
Ted
But as for policies, i suppose the easier stuff, like drive mappings proxy settings etc should be ok, maybe a screensaver lockout
One thing i forgot to ask, what encryption do macs have thats like bitlocker or checkpoint is ther anything to do the disks.
Thanks again maty
Ted
#4
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
I look after Mac Servers and labs in my place.
We use the triangle setup as Marcus said above. User accounts from Active Directory Mac policies from OSX server.
I use Deploy Studio to push images to Macs along with Apple Remote Desktop to manage mac labs and staff members.
I made some documents for support staff regarding the above, send me a pm if you want them.
We use the triangle setup as Marcus said above. User accounts from Active Directory Mac policies from OSX server.
I use Deploy Studio to push images to Macs along with Apple Remote Desktop to manage mac labs and staff members.
I made some documents for support staff regarding the above, send me a pm if you want them.
#5
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Lion uses File Vault IIRC to encrypt the disk, not sure above previous versions but I know you can encrypt the user profiles.
Thread
Thread Starter
Forum
Replies
Last Post
acemodder
ScoobyNet General
50
01 October 2015 07:01 PM