I have been tasked with centrally managing a group of macs in a graphic's department. I need to be able to deploy printers, software updates, lock them down, have a central directory for users, etc... I grew up on Mac's but I have never had to centrally manage them. I have found out osx server could handle users, but it looks like i'd need a third party app to handle group policy style stuff. Any insight?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Any all mac office environments out there?
- Thread starter awesomo
- Start date
nitrobass24
[H]ard|DCer of the Month - December 2009
- Joined
- Apr 7, 2006
- Messages
- 10,466
Probably worth your time to look through Apples AD best practice guide.
Not sure if you can do GPO/Updates but should centralize access control and passwords into your existing infrastructure.
http://www.seminars.apple.com/contactme/pdf/L334436B_ActiveDirect_WP.pdf
Not sure if you can do GPO/Updates but should centralize access control and passwords into your existing infrastructure.
http://www.seminars.apple.com/contactme/pdf/L334436B_ActiveDirect_WP.pdf
timberdoodle
Gawd
- Joined
- Sep 22, 2008
- Messages
- 878
I work in a Mac environment. You're not going to be able to do everything with one application. Assuming all your clients are up to 10.6, you can bind them all to the domain. This will allow you to have domain credentials for users and all the objects will be recorded in AD for managment. You're going to need to look at Workgroup Manager, Remote Desktop and maybe others to cover the other tasks; software deployment, security, deploying printers.
DeChache
Supreme [H]ardness
- Joined
- Oct 30, 2005
- Messages
- 7,087
I'm working through this right now. My solution is a combination of the campus AD for auth and then Apple Remote Desktop for actual client management with a OSX server for imaging
shabazkilla
Lurker
- Joined
- Jan 4, 2004
- Messages
- 439
I had to setup management for 280ish Mac workstations within a 50k user Active Directory environment. Not fun by any means. Authentication against AD is fairly simple, but you are correct that you need third party software to get GPO support. You could try Workgroup Manager, but I wasn't too impressed with it. This was all on Snow Leopard, so you might want to check out whats been changed in Lion. I used Carbon Copy Cloner for imaging (free) and it was pretty good.
Lion is absolutely crap for workgroup management. Yes there are some new features that look cool, but the reality is that the server is severely gimped and 10.6 is much better. Also an interesting thing to note is that unlike 10.6, 10.7 server no longer fully integrates with AD. Yes you can join it as a member computer, but you can no longer manage mac accounts through the OS X server like you can with 10.6.
I don't have any large groups but I do have one of 15 users with a 10.6 server . Everyone authenticates against open directory, home folders are on the server, and permissions are managed through there. Everything works great! On the flip side I have a couple situations where we have Macs in an AD environment and use 3rd party software to push GPOs.
I don't have any large groups but I do have one of 15 users with a 10.6 server . Everyone authenticates against open directory, home folders are on the server, and permissions are managed through there. Everything works great! On the flip side I have a couple situations where we have Macs in an AD environment and use 3rd party software to push GPOs.