+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
Mac Thread, Mac Server, Windows Domain, AD etc... in Technical; Originally Posted by mike86 thanks, having trouble getting client macs to show in workgroup manager, they are bound to the ...
  1. #16

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    thanks, having trouble getting client macs to show in workgroup manager, they are bound to the OD & AD, they show in the AD section on workgroup manager but only the server shows in the OD part. If I try to add it manually it says there's already a mac with this name?! So confused.
    You have do do a secure bind of clients to OD when you have a magic triangle setup for computers to appear in WGM.

    BTW - this is probably the most up to date instructions for setting up magic triangle I've seen lately - current as of 10.8.4

    http://www.papercut.com/kb/Main/MacOSXMagicTriangle

  2. #17

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    55
    Thank Post
    19
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks again Seawolf, Happy days, I'm pretty much done with setting them up now, user logs in with AD account & the machines are locked down.

    In order to get it to work properly I had to create a group in OD & import the ad groups/users, then set up my WGM preferences.

    The next step is deploying a bunch of apps. Had a quick google & looks like I need to invest in ARD. Is there a way of deploying apps to the macs without this?

  3. #18

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    Thanks again Seawolf, Happy days, I'm pretty much done with setting them up now, user logs in with AD account & the machines are locked down.

    In order to get it to work properly I had to create a group in OD & import the ad groups/users, then set up my WGM preferences.

    The next step is deploying a bunch of apps. Had a quick google & looks like I need to invest in ARD. Is there a way of deploying apps to the macs without this?
    ARD is well worth the (very small) investment and it can do far more than just deploy software packages. Highly recommended. You can also use DeployStudio to deploy packages (apps) and it makes a great free Mac imaging tool as well. It can do Mac only or dual and triple boot deployments as well.

  4. #19

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    Thanks again Seawolf, Happy days, I'm pretty much done with setting them up now, user logs in with AD account & the machines are locked down.

    In order to get it to work properly I had to create a group in OD & import the ad groups/users, then set up my WGM preferences.

    The next step is deploying a bunch of apps. Had a quick google & looks like I need to invest in ARD. Is there a way of deploying apps to the macs without this?
    http://deploystudio.wikispaces.com/ - a good resource for all things DeployStudio.

    The other free options out there are Munki (or Simian) and Puppet. I haven't tried these myself, but they have a good rep. Beyond these, Casper Suite can do just about anything you could want in managing Macs. Costs money, but reasonable for Edu.

  5. Thanks to seawolf from:

    mike86 (5th August 2013)

  6. #20

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    55
    Thank Post
    19
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Cheers man, Getting into this now. I've managed to lock it down as much as i can, edited the sidebar plist & got rid of network/harddrives etc in finder, however when clicking the computer name you still get an option to browse the network, is there a way of killing this, can't seem to do it as an admin user either. arghh. I will defeat these macs, Seawolf i owe you many pints.

  7. #21

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    Cheers man, Getting into this now. I've managed to lock it down as much as i can, edited the sidebar plist & got rid of network/harddrives etc in finder, however when clicking the computer name you still get an option to browse the network, is there a way of killing this, can't seem to do it as an admin user either. arghh. I will defeat these macs, Seawolf i owe you many pints.
    Sorry, I've never tried to kill the network browsing feature myself, so I'm not positive about this one. I can't find anything about removing this at afp548, krypted, etc. so I it doesn't look like it can be done, but I might be wrong. There is usually a way with plists and MCX, but there are some things Apple just wont let you change in the interface.

    Do you not want students to be able to access network shares at all on the Macs? Normally, I wouldn't remove the network drives from the finder so the students could access the network shares. Just trying to understand the use case to make sure there isn't another way to achieve what you want.

  8. #22

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Here's a good little overview of the options that are available in Finder. Finder tabs and tagging and other tweaks are coming in 10.9 Mavericks, but until then this is pretty comprehensive.

    http://mac.tutsplus.com/tutorials/os...er-experience/

  9. #23


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,098
    Thank Post
    203
    Thanked 2,383 Times in 1,763 Posts
    Rep Power
    703
    Quote Originally Posted by mike86 View Post
    when clicking the computer name you still get an option to browse the network, is there a way of killing this
    www.edugeek.net/forums/mac/82996-hiding-sysvol-etc-shares-finder.html#post732606

  10. #24

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Putting the Macs into their own VLAN won't do the trick unless you're blocking all non-unicast traffic from crossing VLANs (it doesn't here). But, if you do that, then you'll create issues with imaging across VLANs, etc.

    Turning off NetBIOS might have the desired effect, but I'm not so sure since I haven't tested that.

  11. Thanks to seawolf from:

    Arthur (6th August 2013)

  12. #25

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    55
    Thank Post
    19
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Cheers guys, something to have a crack at this afternoon. What i've noticed too is that when saving a document the user can browse to the hard drive by clicking on the computer name. I only want them to be able to save to their home folder & nas box that we have. I know there will be a world of hurt when kids start saving stuff to the local drive then panic that the "network has deleted their work" when they don't see it in their home folder on another machine. Anyone know how to do this...There's lots of stuff on the web to do with running terminal commands, but don't fancy pasting these straight in without knowing what they are doing. Sure there will be some way to script hiding a drive on login. I'll be glad when these are done, i'll never curse group policy & active directory again.

    Thanks again for all of your help with this. Has anyone done the ACSP training? How did you find it?

  13. #26

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    Cheers guys, something to have a crack at this afternoon. What i've noticed too is that when saving a document the user can browse to the hard drive by clicking on the computer name. I only want them to be able to save to their home folder & nas box that we have. I know there will be a world of hurt when kids start saving stuff to the local drive then panic that the "network has deleted their work" when they don't see it in their home folder on another machine. Anyone know how to do this...There's lots of stuff on the web to do with running terminal commands, but don't fancy pasting these straight in without knowing what they are doing. Sure there will be some way to script hiding a drive on login. I'll be glad when these are done, i'll never curse group policy & active directory again.

    Thanks again for all of your help with this. Has anyone done the ACSP training? How did you find it?
    Have you actually tried to save data to the local drive? The only location a non-admin user has permission to change or write to is the Users/Shared location and their own User directory IF they are not using a network home. If you are using network homes, the only place they could save anything locally is the /Users/Shared location. If users do that, they would know they aren't saving to the network and they would really have to go looking for it. So, I would be inclined to say bad luck to them.

    Of course, you could always set your images to restrict access to the Shared directory to prevent even that. Just make sure you don't use any apps that rely on using the Shared directory to function properly. There shouldn't be nay or many properly written ones that do. sudo chmod 664 on that directory should do it. Or Cmd+I on the directory to make the change through the GUI.

  14. #27

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    55
    Thank Post
    19
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    yep, they can only save to their users directory.

    Their home folder gets mapped & put on the dock (guess its setting this through ad as has always done this) can I redirect the users directory to this?

  15. #28

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    yep, they can only save to their users directory.

    Their home folder gets mapped & put on the dock (guess its setting this through ad as has always done this) can I redirect the users directory to this?
    Sounds like you didn't set the users up to use a Network Home then. To do that, untick "Force local home directory on startup disk" when you bind the computer ImageUploadedByEduGeek1375793376.391283.jpg. Here's another tip about redirecting the cache folder to the local disk to improve performance

    http://houseofmac.wordpress.com/2010...r-redirection/

  16. #29

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    55
    Thank Post
    19
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Bingo That's done the trick & I've added the home folder to the side bar, However since setting that the home folder isn't being put on the doc anymore, and setting it to add it in WGM doesn't work, however it will add the documents folder?!

    Also I've set to simple finder because I only wanted students to browse their home folder however if this is not on the doc, they have no access to it at all, other than when saving...I can give back full finder, but then they would be able to edit finder sidebar preferences which is defeating the object of locking them down..Ideas?

  17. #30

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    720
    Thank Post
    7
    Thanked 214 Times in 167 Posts
    Rep Power
    138
    Quote Originally Posted by mike86 View Post
    Bingo That's done the trick & I've added the home folder to the side bar, However since setting that the home folder isn't being put on the doc anymore, and setting it to add it in WGM doesn't work, however it will add the documents folder?!

    Also I've set to simple finder because I only wanted students to browse their home folder however if this is not on the doc, they have no access to it at all, other than when saving...I can give back full finder, but then they would be able to edit finder sidebar preferences which is defeating the object of locking them down..Ideas?
    You can set MCX finder preferences to "Always" so they can't edit those preferences. I would stay away from simple finder unless these are really young students, it's just TOO simple, and limiting. As for the network home on the dock, I believe that's a consequence of using the network home for the logged in account. If you turned on the option to show "Connected Servers" n the desktop in Finder preferences then they would be able to see the network home mount on the desktop.

    I think you are probably trying to force OSX into the model often used for Windows (and that we use for Windows), but I've found that we don't have nearly as much problem with students trying to mess around with the settings or saving docs to the wrong place with the Mac compared to Windows. Some students don't even realise they can click the triangle when saving to choose a destination other than Desktop, Documents, Movies, Pictures, or Music. And that's actually a good thing. The searching on the Mac is so good there isn't a need to use the traditional hierarchical folder structure. Most of the time, students make a mess of this anyway and forget where they saved something. If they save everything at the top level of the directory and learn to search with spotlight it works out better.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 6
    Last Post: 22nd February 2011, 11:23 AM
  2. Replies: 6
    Last Post: 15th October 2010, 11:55 AM
  3. sambafile server windows domain
    By duxbuz in forum Wireless Networks
    Replies: 15
    Last Post: 25th June 2010, 11:01 AM
  4. backing Up Mac in Windows Domain
    By brahma in forum Mac
    Replies: 2
    Last Post: 18th March 2010, 06:50 PM
  5. Replies: 7
    Last Post: 12th November 2009, 05:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •