+ Post New Thread
Results 1 to 6 of 6
Mac Thread, Managing Macs in Technical; Hi all, We have a small number of iMacs (25) and we currently use Workgroup Manager to manage them with ...
  1. #1

    Join Date
    Oct 2012
    Location
    Derby
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Managing Macs

    Hi all,

    We have a small number of iMacs (25) and we currently use Workgroup Manager to manage them with a bit of stuff done during the Imaging process via DeployStudio. I'm very interested to see how other people do it as we didn't receive much training when the original solution was implemented and we've been picking stuff up, however we've got lots of quirks and bits not working as we'd like.

    I'm about to have a look at using SCCM to manage them, does anybody use this? If so, how do you find it - was it worth paying for?

    If you use something different, please let me know!

    Some of the key things we need / do:

    - Integrate with AD so that users can login using their Windows AD Account
    - Mount their Windows "home drive" based on user
    - Mount shared drivers based on user
    - Restrict access to certain features esp. parts of System Preferences
    - Deliver proxy settings

    We have had particular issues with keychain access (asks for login keychain password, which we don't know!)

    If happy to, it may be a great help if I would be able to come and see your system in action - client side and server side. I'm based in Derby, so Midlands area would be ideal!

    Thanks!

  2. #2
    stevehp's Avatar
    Join Date
    Jul 2008
    Location
    Ohio
    Posts
    102
    Thank Post
    13
    Thanked 19 Times in 16 Posts
    Rep Power
    16
    How are you creating client images? If they are of the golden master variety (i.e. booted image with software preinstalled) then your user template has been poisoned and contains the login keychain from your booted image. If you were to use a tool like instaDMG or AutoDMG or Apple's own System Image Utility they create non-booted images that don't contain poisoned user templates.

    If you are primarily a Windows shop then SCCM would be a good choice, but if your Mac PC to Windows PC ratio leans toward the shiny variety then an MDM like Casper or Meraki (free!) would be a better choice.

    I personally use a myriad of pay and FOSS tools. For user and group management I use the OSX Server.app. For computer level client settings I use Profile Manager. For user and group level settings I use Profile Manager, Munki, and for any remaining MCX settings I use Workgroup Manager. To deploy software I use Munki. Imaging is a mixture of an instaDMG image and Deploy Studio to image the clients. I'm on the other side of the pond so unless you want to come out to the American Midwest that's the best I can do to describe our current mac environment.

  3. #3

    Join Date
    Oct 2012
    Location
    Derby
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yep we pre-install all of the software onto a clean install of OS X, take an image and then deploy via DeployStudio which also binds to OD/AD etc.

    I was under the impression that login keychain was user specific? I've only logged onto the Mac as the Local Administrator account prior to the imaging process, which is an account that I do log into anyway even when the Mac is in a built state ready to use.

    I'll have to have a look at the alternatives. The way we do it was ideal because of complex install procedures for certain pieces of software that we have. Some software has complex activiation processes and others have to be installed in a specific ways etc.

    I've had a quick look at Profile Manager, however i've not heard great things about it!

  4. #4
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Location
    Powys, Wales
    Posts
    606
    Thank Post
    67
    Thanked 131 Times in 102 Posts
    Rep Power
    43
    Quote Originally Posted by _kstone View Post
    I've had a quick look at Profile Manager, however i've not heard great things about it!
    New versions of Profile Manager are much, much better. The new server app for OS X Mavericks for example.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by stevehp View Post
    How are you creating client images? If they are of the golden master variety (i.e. booted image with software preinstalled) then your user template has been poisoned and contains the login keychain from your booted image. If you were to use a tool like instaDMG or AutoDMG or Apple's own System Image Utility they create non-booted images that don't contain poisoned user templates.

    If you are primarily a Windows shop then SCCM would be a good choice, but if your Mac PC to Windows PC ratio leans toward the shiny variety then an MDM like Casper or Meraki (free!) would be a better choice.

    I personally use a myriad of pay and FOSS tools. For user and group management I use the OSX Server.app. For computer level client settings I use Profile Manager. For user and group level settings I use Profile Manager, Munki, and for any remaining MCX settings I use Workgroup Manager. To deploy software I use Munki. Imaging is a mixture of an instaDMG image and Deploy Studio to image the clients. I'm on the other side of the pond so unless you want to come out to the American Midwest that's the best I can do to describe our current mac environment.
    If you want to use OSD on the macs (for the Windows side) you cant. Apple decided it was a good idea to make the GUID on each machine the same. SCCM as a fit!

  6. #6
    stevehp's Avatar
    Join Date
    Jul 2008
    Location
    Ohio
    Posts
    102
    Thank Post
    13
    Thanked 19 Times in 16 Posts
    Rep Power
    16
    If you aren't copying anything manually to the User Template or allowing Deploy Studio to do it then it's most likely the System keychain in /Library/Keychains/ that's giving you problems. I won't get into which one is better argument. The internet is filled with mac sysadmins that go back and forth with each other about it. The work up front to package software so that activation and setup procedures don't bug users seemed daunting to me, but in the end I can just plug those packages into Munki or if need be into my image workflow. It works great for me, but I won't crusade for it since sysadmins need to make there own minds up about this particular subject.

    Profile Manager was a major pita in Lion, got better in Mountain Lion and much better in Mavericks. You need to have a machine with plenty of ram and the highest spec processor you can get. It's a major resource hog, and it's not exceptionally great to contend with in large deployments. I have right around 1200 devices enrolled into your Profile Manager instance and it crawls some days.

SHARE:
+ Post New Thread

Similar Threads

  1. JAMF Casper Suite to manage Macs?
    By Max_Power in forum Mac
    Replies: 1
    Last Post: 7th June 2013, 08:41 AM
  2. Managing Mac from Active Directory
    By Michael in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 9th June 2011, 11:14 AM
  3. Workgroup Manager / Managing Macs
    By brahma in forum Mac
    Replies: 3
    Last Post: 3rd December 2008, 12:02 PM
  4. Mac Management Document from Apple
    By kingswood in forum Mac
    Replies: 1
    Last Post: 28th October 2008, 10:10 PM
  5. Manager AD from a Mac
    By mmoseley in forum Mac
    Replies: 3
    Last Post: 5th October 2008, 07:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •