+ Post New Thread
Results 1 to 12 of 12
Mac Thread, Restrict Mac like Group Policy for Windows in Technical; Is there any way of securing Mac OSX 10.5.5 using Active Directory accounts and not having to buy anything else? ...
  1. #1
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    917
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41

    Restrict Mac like Group Policy for Windows

    Is there any way of securing Mac OSX 10.5.5 using Active Directory accounts and not having to buy anything else?

    So far nothing bad has become of the seemingly open access they have, but it will crop up at some point I can only guess.

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    You will need to buy OS X server.

    What we did was buy a Mac Mini then buy the OS X server software, works a treat.

  3. Thanks to FN-GM from:

    DrPerceptron (12th December 2008)

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Well you can't use Group Policies to lock down Macs, but if you have secured shares and other resources using NTFS permissions, then a Mac shouldn't cause you any security problems. You should be prompted to authenticate as you would with Windows if you attempt to access a share.

  5. Thanks to Michael from:

    DrPerceptron (12th December 2008)

  6. #4
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    917
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    hmm, Is it possible to just buy the Directory and Client Management segment? I doubt it is, but it would be useful since we have no uses really for the rest of the functionality it would bring...

  7. #5

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    OS X Server at educational prices for unlimited is really quite cheap. You may find yourself utilising more of the services than you think. e.g. the wiki server is Ok.

    I'm not sure as to how this would work but you can extend the AD Schema. Now if you extend the AD Schema i'm not sure if you still need an OS X Server or if you can just download the Server admin tools. and use those.

    You could connect to the AD server in WGM and then change some of the settings there for the users/machines etc. You can download a whole set of vbscripts that will automate the whole extension for you and its free. I would perhaps test it on a virtual environment first though.

    You can get the scripts from here:

    Shukwit.com

  8. 2 Thanks to HodgeHi:

    DrPerceptron (12th December 2008), jubbi (12th January 2009)

  9. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    There are third party solutions out there, eg:

    Group Policy for UNIX, Linux and Mac

    unsure of costs though.

  10. Thanks to Geoff from:

    DrPerceptron (12th December 2008)

  11. #7
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    917
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    The thing we're looking at is, if it comes down to having a cost involved, we may as well go for OSX server, knowing that it is designed to "work" (haha!) plus, if we really wanted to use them, we could use the other features it provides...

  12. #8

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22
    For ease of use, buy Mac OS X Server unlimited. It's only around 250 and a Mac Mini can easily cope with dishing out managed preferences. Depending on the number of macs you have, you could have it host NetBoot / Netinstall images for OS deployment too...

  13. Thanks to iSteve from:

    DrPerceptron (12th December 2008)

  14. #9

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,918
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204
    This has just flashed up on the twitter...

    Twitter / Lora Deeds: @edugeekuk Your Mac GP que ...

    Russ

  15. Thanks to russdev from:

    DrPerceptron (12th December 2008)

  16. #10
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about 60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

    Think we will have a mac server next year, only purely for imaging/updating macs though.

  17. Thanks to Oops_my_bad from:

    DrPerceptron (12th December 2008)

  18. #11
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    interesting russ, wonder what the costs are?

  19. #12
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    917
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    Quote Originally Posted by Oops_my_bad View Post
    Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about 60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

    Think we will have a mac server next year, only purely for imaging/updating macs though.
    hmm, sounds excessive for 50 Mac's, not that I know how much OSX Server is... but that's bought now anyway.

    If it comes to less than perhaps in short term it would be better, although being able to image Mac's is a very appealing feature of OSXS. Saves the 4 weeks I spent imaging Mac's using a FireWire Hard Drive... I guess I could have just the one image too since I've only got Intel Mac's to play with.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 28th February 2008, 04:57 PM
  2. group policy not being seen at all
    By krisd32 in forum Windows
    Replies: 5
    Last Post: 31st August 2007, 09:07 AM
  3. group policy
    By kevin_lane in forum How do you do....it?
    Replies: 2
    Last Post: 27th July 2007, 12:17 PM
  4. Group policy restrict taskbar changes
    By netadmin in forum Windows
    Replies: 1
    Last Post: 30th June 2007, 12:27 PM
  5. Group policy etc
    By moiebus in forum Wireless Networks
    Replies: 20
    Last Post: 8th November 2006, 11:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •