+ Post New Thread
Results 1 to 12 of 12
Mac Thread, Restrict Mac like Group Policy for Windows in Technical; Is there any way of securing Mac OSX 10.5.5 using Active Directory accounts and not having to buy anything else? ...
  1. #1
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    849
    Thank Post
    32
    Thanked 120 Times in 102 Posts
    Rep Power
    37

    Restrict Mac like Group Policy for Windows

    Is there any way of securing Mac OSX 10.5.5 using Active Directory accounts and not having to buy anything else?

    So far nothing bad has become of the seemingly open access they have, but it will crop up at some point I can only guess.

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    You will need to buy OS X server.

    What we did was buy a Mac Mini then buy the OS X server software, works a treat.

  3. Thanks to FN-GM from:

    DrPerceptron (12th December 2008)

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    Well you can't use Group Policies to lock down Macs, but if you have secured shares and other resources using NTFS permissions, then a Mac shouldn't cause you any security problems. You should be prompted to authenticate as you would with Windows if you attempt to access a share.

  5. Thanks to Michael from:

    DrPerceptron (12th December 2008)

  6. #4
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    849
    Thank Post
    32
    Thanked 120 Times in 102 Posts
    Rep Power
    37
    hmm, Is it possible to just buy the Directory and Client Management segment? I doubt it is, but it would be useful since we have no uses really for the rest of the functionality it would bring...

  7. #5

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    OS X Server at educational prices for unlimited is really quite cheap. You may find yourself utilising more of the services than you think. e.g. the wiki server is Ok.

    I'm not sure as to how this would work but you can extend the AD Schema. Now if you extend the AD Schema i'm not sure if you still need an OS X Server or if you can just download the Server admin tools. and use those.

    You could connect to the AD server in WGM and then change some of the settings there for the users/machines etc. You can download a whole set of vbscripts that will automate the whole extension for you and its free. I would perhaps test it on a virtual environment first though.

    You can get the scripts from here:

    Shukwit.com

  8. 2 Thanks to HodgeHi:

    DrPerceptron (12th December 2008), jubbi (12th January 2009)

  9. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    There are third party solutions out there, eg:

    Group Policy for UNIX, Linux and Mac

    unsure of costs though.

  10. Thanks to Geoff from:

    DrPerceptron (12th December 2008)

  11. #7
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    849
    Thank Post
    32
    Thanked 120 Times in 102 Posts
    Rep Power
    37
    The thing we're looking at is, if it comes down to having a cost involved, we may as well go for OSX server, knowing that it is designed to "work" (haha!) plus, if we really wanted to use them, we could use the other features it provides...

  12. #8

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    233
    Thank Post
    21
    Thanked 29 Times in 23 Posts
    Rep Power
    21
    For ease of use, buy Mac OS X Server unlimited. It's only around 250 and a Mac Mini can easily cope with dishing out managed preferences. Depending on the number of macs you have, you could have it host NetBoot / Netinstall images for OS deployment too...

  13. Thanks to iSteve from:

    DrPerceptron (12th December 2008)

  14. #9

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,873
    Thank Post
    650
    Thanked 534 Times in 353 Posts
    Blog Entries
    3
    Rep Power
    200
    This has just flashed up on the twitter...

    Twitter / Lora Deeds: @edugeekuk Your Mac GP que ...

    Russ

  15. Thanks to russdev from:

    DrPerceptron (12th December 2008)

  16. #10
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    29
    Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about 60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

    Think we will have a mac server next year, only purely for imaging/updating macs though.

  17. Thanks to Oops_my_bad from:

    DrPerceptron (12th December 2008)

  18. #11
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    27
    interesting russ, wonder what the costs are?

  19. #12
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    849
    Thank Post
    32
    Thanked 120 Times in 102 Posts
    Rep Power
    37
    Quote Originally Posted by Oops_my_bad View Post
    Centrify DC is good if you don't want to contaminate your windows network with a mac server. IIRC we paid about 60 per client (includes 1 years maintenance). Install the server component on one of your domain controllers and the client on your macs. Configure your policies like you do any GPO and away you go

    Think we will have a mac server next year, only purely for imaging/updating macs though.
    hmm, sounds excessive for 50 Mac's, not that I know how much OSX Server is... but that's bought now anyway.

    If it comes to less than perhaps in short term it would be better, although being able to image Mac's is a very appealing feature of OSXS. Saves the 4 weeks I spent imaging Mac's using a FireWire Hard Drive... I guess I could have just the one image too since I've only got Intel Mac's to play with.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 28th February 2008, 04:57 PM
  2. group policy not being seen at all
    By krisd32 in forum Windows
    Replies: 5
    Last Post: 31st August 2007, 09:07 AM
  3. group policy
    By kevin_lane in forum How do you do....it?
    Replies: 2
    Last Post: 27th July 2007, 12:17 PM
  4. Group policy restrict taskbar changes
    By netadmin in forum Windows
    Replies: 1
    Last Post: 30th June 2007, 12:27 PM
  5. Group policy etc
    By moiebus in forum Wireless Networks
    Replies: 20
    Last Post: 8th November 2006, 11:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •