+ Post New Thread
Results 1 to 8 of 8
Mac Thread, Lots of mac questsions from a mac server newbie. in Technical; Right i've many questions to get through . Firstly we've got 6 imacs in our school and one server which ...
  1. #1

    Join Date
    Oct 2006
    Posts
    146
    Thank Post
    1
    Thanked 13 Times in 7 Posts
    Rep Power
    32

    Lots of mac questsions from a mac server newbie.

    Right i've many questions to get through .

    Firstly we've got 6 imacs in our school and one server which I took a crash course on yesterday.

    I've set up software restrictions on the "Workgroup Manager" but having problems with RDP. Everytime it starts I get a restriction for the microsoft AU daemon? (Need fix on that)

    Secondly i'd like to be able to deploy a wallpaper to all of the macs which is forced on every user when they log in.

    Thirdly i'd like to map the home drive when the user logs on to their windows share.

    We also have remote desktop to deploying software out.

    Also... Can i restrict what is displayed on the finder bar at the top as I do not wish to allow students to view system folders etc...



    Please help

    I'm a complete newb when it comes to macs...

    P.S is it possible to link to AD user groups through Workgroup Manager as I dont seem to be getting any luck applying settings on a per user group basis.

  2. #2

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    my advice would be to follow through the AD-OD pdf linked in the sticky tread at the top of this forum. When that fails but you understand that you did everything to the letter then come here and ask for some clarification...like i am about to do now

  3. #3
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21
    Quote Originally Posted by flexyjerkov View Post
    I've set up software restrictions on the "Workgroup Manager" but having problems with RDP. Everytime it starts I get a restriction for the microsoft AU daemon? (Need fix on that)
    That should be the automatic update for the Microsoft bits. I've found the Automatic Update as a separate application in the folder, allowing that usually helps. If not try adding the Microsoft program into the Folder List in the workgroup manager permissions. This should allow any applications hidden inside it.

    Even though it's allowed on the machines students would still need the admin password to update so it shouldn't cause to much of a problem.

  4. #4
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    254
    Thank Post
    9
    Thanked 106 Times in 90 Posts
    Rep Power
    38
    Hi

    Firstly we've got 6 imacs in our school and one server which I took a crash course on yesterday.

    Which crash course would that be? AFAIK the Support Essentials (for the client OS) is over 3 days. For the Server (Server Support Essentials) it's 4 days. Neither could be described as crash courses.

    I've set up software restrictions on the "Workgroup Manager" but having problems with RDP. Everytime it starts I get a restriction for the microsoft AU daemon? (Need fix on that)


    Do students need to use RDP? If Staff need to use it then simply create an OD Group and drop your AD staff group into it. From that point don't apply any MCX.

    Secondly i'd like to be able to deploy a wallpaper to all of the macs which is forced on every user when they log in.

    If you've done the appropriate courses you would be shown how to do this. However install the Server Admin tools on a Mac Client. Make sure you are logged in as the local admin and that the client has been firstly 'bound' to AD and then 'joined' to OD. Launch WorkGroup Manager. Navigate and authenticate to the LDAPv3 node. You will have to add this as by default only the primary directory server in the Search Order is added. Simply select 'Other' and it should be listed. On the client mac, right click or control click the desktop. You should see a sub-menu appear. Select Change Desktop Background. Select something suitable and apply it. Back to WorkGroup Manager. Select the OD Group you're interested in click on Preferences and click on the Details tab. This is the Preferences Manifest. Inspect the list. It should show you what you've already applied. Click the '+' icon and navigate to /Users/Home/nameoflocaladmin/Library/Preferences. Within there you should com.apple.Desktop.plist. Select it and apply one of the three perisistent settings. Once, Often or Always. Clearly if you want it so as no user can 'fiddle' with the desktop select Always. Apply the setting, quit out of WorkGroup Manager and test by logging in as a User within the Group.

    Thirdly i'd like to map the home drive when the user logs on to their windows share.


    Launch Workgroup Manager on the client Mac. Select the Group you're interested in. Select Preferences and select the Login Preference. Select the Items option and select Always. Now go back to the Finder and select Connect to Server from the Go Menu. Key in the IP address of the Server you're interested in which has the desired shares you want to be auto-mounting. Remember by default the Mac OS uses afp as its default Protocol. If these are Samba shares then precede the IP address with smb://IP address. When pompted supply an administrator name and password. Go the Finder Menu and select Preferences. Select General and enable the option that shows Connected Servers. You should now see a shiny blue icon on the desktop that is the desired share. Back to WorkGroup Manager. In the Items window simply drag the relevant share into the window. Select the option that says 'Mount this item with user's name and password'. Quit out of WorkGroup Manager and disconnect from the share by taking it to the trash.

    Test again with a trial login.

    We also have remote desktop to deploying software out.

    ARD can only 'push' out software in the .pkg or .mpkg format. If the Software you have has a proprietary installer application then you're out of luck. However some people have had success using PackageMaker. With the amount of macs you have a little exercise won't do you any harm.

    If you're contemplating deploying the Adobe Suite or FC Pro don't even bother. Besides there are better ways of deploying software to multiple clients. You could use the NetBoot Service on your Server and define a NetInstall nbi.

    A lot of applications for the Mac platform are standalone. This is useful as you can copy software using ARD to multiple macs. This only makes sense if the software has no license or serial number assocated with it.

    Also... Can i restrict what is displayed on the finder bar at the top as I do not wish to allow students to view system folders etc...

    Yes. Launch WorkGroup Manager and select the Group you're interested in. Click on Preferences. Select Finder, select Always and select the Use Simple Finder Option.

    You have to remember you're approaching mac-style GPOs from a Windows perspective. This is not a criticism just an observation. Clearly the two platforms are not the same. Therefore it does not make much sense in approaching the lock-down of the macs in the same way you do with PCs. Clearly there are some things you can do on one platform that you can't do on the other. Denying views of the network seems to be a big deal with Windows environments. In a mac environment it does not make sense to deny the network view. Provided the clients are secured with a locked down local admin name and password then whether the macs can 'see' them or not makes no difference. Besides this is a problem with the way the AD environment is configured and nothing to do with the macs as such.

    If I can advise you? DNS has to absolutely perfect. Try and get yourself on an approved Training Course. I would include the Staff as well as too often they are all too keen on teaching an application they know nothing about. Finally introducing macs into a Windows environment will find every flaw and weakness in that environment like nothing else.

    Antonio Rocco (ACSA)

  5. #5

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Quote Originally Posted by AntonioRocco View Post
    Hi
    Finally introducing macs into a Windows environment will find every flaw and weakness in that environment like nothing else.

    Antonio Rocco (ACSA)
    Tell me about it

    Also when it comes to adding plists to the managed preferences try the always first if you want it always managed, but if this fails, move to often. This will allow users to change some the setting if they have access to it but it will default back to the managed setting when they log back in. An good example of this would be the sidebar.plist file. It will still let users change the settings even when set to always manage. I don't know if the change reverts back after the users log out and back in. I do know that often managed does work.
    Last edited by HodgeHi; 27th August 2009 at 07:22 PM.

  6. #6

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Quote Originally Posted by AntonioRocco View Post
    Hi

    Denying views of the network seems to be a big deal with Windows environments. In a mac environment it does not make sense to deny the network view. Provided the clients are secured with a locked down local admin name and password then whether the macs can 'see' them or not makes no difference. Besides this is a problem with the way the AD environment is configured and nothing to do with the macs as such.

    Antonio Rocco (ACSA)
    The biggest issue with Windows integration from the OS X side of things is that they can see shares that are usually hidden from Windows clients, eg the netlogon and the sysvol shares. These are important for AD since they can hold scripts, GPOs etc. Obviously having the permissions set correctly on these makes the visibility of them a non-issue but most admins i think don't like users being able to see them. I for one don't like users to see them.

    The same goes for the SIMS share. I am not too familiar on the permissions needed for this share and the guys who set this up gave everyone read/write perms. Obviously if OS X users (pupils) can see this share then there could be trouble

  7. #7
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    254
    Thank Post
    9
    Thanked 106 Times in 90 Posts
    Rep Power
    38
    Hi Mark

    I agree with you regarding the differences between Often and Always and what can and can't be managed using either of those settings. The Sidebars plist is a case in point. However there is a method where you can deny this using the com.apple.Finder.plist.

    As to the what the macs can 'see' you could disable NetBIOS? I don't know how you can do this in a AD environment easily? Is it as simple as disabling the Master Browser option? In which case would you not have to do that for every PC Client in turn? Is there a command you can run that disables the 'conference?'

    Not sure what you mean about the SIMS share? Perhaps you need to speak with the people responsible for setting it up? It can't be easy for those of you in an environment where you don't really have full control over all aspects of the environment.

    I'll be seeing you next Friday I think Mark? Is that correct?

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 27th August 2009 at 11:03 PM.

  8. #8

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    I'm not to sure about disabling netbios. I'm not sure whether it would a, break anything or b, resolve the issue with regards the shares. Because all users can access them they are mounted using Kerberos from the side bar. Ironic that the only servers you can mount via Kerberos using the side bars is ad ones.

    yes I will be seeing you on the 4th sept. I have placed an order for snow leopard client and server to see how it goes as well

    I have managed to get the users logging in but finder still seems slow but that's another thread.

    PS I still owe you that pint.

SHARE:
+ Post New Thread

Similar Threads

  1. Mac Update Service (WSUS 4 MAC)
    By nathanlivesey in forum Mac
    Replies: 21
    Last Post: 14th October 2009, 10:18 PM
  2. Would I need a Mac Server?
    By HMCTech in forum Mac
    Replies: 18
    Last Post: 1st July 2009, 02:12 PM
  3. Newbie Mac Questions
    By karldenton in forum Mac
    Replies: 2
    Last Post: 2nd June 2009, 11:34 AM
  4. Running Mac OSX virtually on a mac
    By rolfea in forum Mac
    Replies: 11
    Last Post: 22nd May 2009, 04:19 PM
  5. MAC OX server
    By masud in forum Mac
    Replies: 5
    Last Post: 26th February 2009, 04:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •