Restrict Mac like Group Policy for Windows

[DrPerceptron]

Is there any way of securing Mac OSX 10.5.5 using Active Directory accounts and not having to buy anything else?

So far nothing bad has become of the seemingly open access they have, but it will crop up at some point I can only guess.

[FN-GM]

You will need to buy OS X server.

What we did was buy a Mac Mini then buy the OS X server software, works a treat.

[Michael]

Well you can't use Group Policies to lock down Macs, but if you have secured shares and other resources using NTFS permissions, then a Mac shouldn't cause you any security problems. You should be prompted to authenticate as you would with Windows if you attempt to access a share.

[DrPerceptron]

hmm, Is it possible to just buy the Directory and Client Management segment? I doubt it is, but it would be useful since we have no uses really for the rest of the functionality it would bring...

[HodgeHi]

OS X Server at educational prices for unlimited is really quite cheap. You may find yourself utilising more of the services than you think. e.g. the wiki server is Ok.

I'm not sure as to how this would work but you can extend the AD Schema. Now if you extend the AD Schema i'm not sure if you still need an OS X Server or if you can just download the Server admin tools. and use those.

You could connect to the AD server in WGM and then change some of the settings there for the users/machines etc. You can download a whole set of vbscripts that will automate the whole extension for you and its free. I would perhaps test it on a virtual environment first though.

You can get the scripts from here:

Shukwit.com

[Geoff]

There are third party solutions out there, eg:

Group Policy for UNIX, Linux and Mac

unsure of costs though.

[DrPerceptron]

The thing we're looking at is, if it comes down to having a cost involved, we may as well go for OSX server, knowing that it is designed to "work" (haha!) plus, if we really wanted to use them, we could use the other features it provides...

[iSteve]

For ease of use, buy Mac OS X Server unlimited. It's only around £250 and a Mac Mini can easily cope with dishing out managed preferences. Depending on the number of macs you have, you could have it host NetBoot / Netinstall images for OS deployment too...

[russdev]

This has just flashed up on the twitter...

Twitter / Lora Deeds: @edugeekuk Your Mac GP que ...

Russ

[Oops_my_bad]

Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about £60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

Think we will have a mac server next year, only purely for imaging/updating macs though.

[gaz350]

interesting russ, wonder what the costs are?

[DrPerceptron]

Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about £60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

Think we will have a mac server next year, only purely for imaging/updating macs though.

hmm, sounds excessive for 50 Mac's, not that I know how much OSX Server is... but that's bought now anyway.

If it comes to less than perhaps in short term it would be better, although being able to image Mac's is a very appealing feature of OSXS. Saves the 4 weeks I spent imaging Mac's using a FireWire Hard Drive... I guess I could have just the one image too since I've only got Intel Mac's to play with.