+ Post New Thread
Results 1 to 4 of 4
Mac Thread, Someone please explain OD permissions to me in Technical; Background information so you know where I stand: I've been thrown in the deep end with managing a Mac network, ...
  1. #1
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21

    Someone please explain OD permissions to me

    Background information so you know where I stand:

    I've been thrown in the deep end with managing a Mac network, having no education with Macs, no training, no nothing.

    I've learn't enough about Windows Servers at college, and one course on Windows Server Administration and about 7 months actually using what I learn't in practice, and only 3 weeks with actually being able to use Windows Servers, rather than watching.

    I've been managing the whole Mac network (Xserve on 10.5 with 50-60 iMacs also 10.5) for as long as I've been in this job (about 9-10 months). The line manager gave me an iMac and told me to play and find out everything, which I did and thought I done well considering I had never used a Mac before.

    Watched a Mac professional set up the Xserve and give a rough understanding on how to do network shares and basic application permissions. Also used a huge number of manuals downloaded from the internet about a number of things.

    I've put in a request for Mac training but due to the time of year it seems a while away for now.

    The Problem / Request:

    Myself and the art department have been pulling our hair out because of applications not being allowed to run for some staff, however it works for other staff in the same department. If I allow it for the one member of staff its not working, it will stop working for another member of staff. But its only one of the three at a time (Not one not allowed, two allowed changing to Two not allowed, one allowed) therefore making me think its not a problem with the group settings.

    I add permissions for a Staff OD Group, in which all the staff are members of, I have checked.
    I added in the application by using Sever Admin Tools Workgroup Manager on the client, dragging and dropping the application into the Applications Pane. If they request to be signed, I sign them.
    I have had problems with Keychain Minder, Smart Tools 10, Microsoft Office and HP All in one Scanner / Printer software.
    This is just is a start of the list.

    I would love to know if I am adding in permissions correctly, or if there is another way?
    I would love to know why there is always one member of staff not allowed to use something?
    I would love to know how permissions work?
    I would love to know about this application signing?
    I would love more documentation on setting permissions and using workgroup manager?

    Many thanks in advance.

  2. #2

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    I think the new AD-OD PDF from bombich explains how the whole OD permissions/policy system works. What get overridden by what and which takes precedence. You may wish to read that. It is a great read and very informative. The new one even goes into how augmented records work and how to create your own.

    There are also the Open Directory guides on Apples own website. These are also worth reading, but more importantly than any reading i think is to keep trialing things that you find out. Of course this can only be done if you have a mac at home or time at work to look at things. This is what i did.

    I am like yourself. I have had no formal training whatsoever on either Windows 2003 or any Apple product. Once you get it set up and working then it generally just keeps ticking over (although i still have issues with my SMB service i need to look at).

    I think the Application signing has something to do with the sandboxing that Leopard introduced although i am not certain.

    The failing permissions could be an overriding issue, for example, they may have permissions on the computer and the users' group. One has precedence over the other, similar to Windows GPO

    I tend to set most of my permissions on the computer lists. This has made things simple but also a nightmare when it comes to sorting out permissions further down the line if any changes are needed between pupils and staff.

    There are also workgroups as well. A user can be a member of different workgroups. If this is the case then the user can choose which workgroup to load on login. This gives a bit of flexibility as the user can choose what restrictions to apply when they log in.

    I hope this gives a little idea of what can be achieved. For more information though i would recommend reading the Apple guides as well as the other PDFs have been written.

    You can also download an evaluation of the Leopard Server now from the Apple website.

    Also check out AFP548.com for even more articles. Some of these are very technical docs as well.

  3. Thanks to HodgeHi from:

    rolfea (1st April 2009)

  4. #3

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

  5. #4
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,464
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113
    Quote Originally Posted by rolfea View Post
    [U]

    I add permissions for a Staff OD Group, in which all the staff are members of, I have checked.
    I added in the application by using Sever Admin Tools Workgroup Manager on the client, dragging and dropping the application into the Applications Pane. If they request to be signed, I sign them.
    I have had problems with Keychain Minder, Smart Tools 10, Microsoft Office and HP All in one Scanner / Printer software.
    This is just is a start of the list.

    I would love to know if I am adding in permissions correctly, or if there is another way?
    I would love to know why there is always one member of staff not allowed to use something?
    I would love to know how permissions work?
    I would love to know about this application signing?
    I would love more documentation on setting permissions and using workgroup manager?

    Many thanks in advance.
    As I have mentioned before use the path rules to set application permissions, do not use the signed applications! This means that as long as the application is stored in the same place it will not need to be signed, will not be affected by minor version changes and should apply correctly to all machines.

    As an example you can add /Applications/ then deny the ones you don't want people to access, by user group if you wish.

    I would also only apply OD preferences to Machines groups and User groups, don't set any per user or machine.

  6. Thanks to DMcCoy from:

    rolfea (2nd April 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. [News] Could You Explain Programming Please
    By mattx in forum Jokes/Interweb Things
    Replies: 4
    Last Post: 25th November 2008, 06:16 PM
  2. Can somebody please explain A+ courses?
    By LGS in forum Courses and Training
    Replies: 17
    Last Post: 22nd September 2008, 06:33 PM
  3. Please Explain this!
    By rush_tech in forum Hardware
    Replies: 5
    Last Post: 21st January 2008, 05:22 PM
  4. explain this one...
    By mrbios in forum Wireless Networks
    Replies: 10
    Last Post: 12th December 2007, 10:50 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •