While some folks may choose to plop a Linux machine into your network, the vast majority of employees will choose between a modern version of Windows -- which will play nicely of course with your existing Active Directory infrastructure -- and the increasingly popular Macs. For starters, at the very least you and your users probably want the following:

• Seamless access to the network where users can use their own login IDs
• Protection of system access and privileges on the Mac, in a similar way to Windows machines
• Easy access to file shares and network resources on both platforms
• Centralized management of both Mac and Windows computers using native, or quasi-native tools

The question is, how do you get there? Let's take a look at some of the options, ranked by price.

The inexpensive option: Apple's Active Directory plug-in

Apple has offered an Active Directory plug-in ever since Mac OS X 10.3. It's built into the operating system, and therefore has already been paid for and requires no other investment but time.
It offers full integration (authentication-wise) with Microsoft Active Directory, so that each individual Mac computer on the network has a computer account in AD and is considered a member of the domain. Mac OS X also uses Kerberos, so password policies and other authentication restrictions are fully enforced.
In a best-case scenario, the Active Directory plug-in for Mac OS X will allow the following:

• A Mac OS X computer can live in a forest with multiple domains.
• Mac users can be granted administrator access based on their Active Directory group membership.
• Users must follow AD password policies, and they can be fully controlled.
• Through Kerberos, Active Directory users only sign on once and can access all authorized resources.
• Administrators can enable mobile accounts for portable computers.
• A preferred domain controller can be identified if necessary.
• According to Apple, users can have network-based home directories, local home directories, or a combination of the two called Portable Home Directories, which are similar to roaming profiles on Windows.
The plug-in is aware of a network's Active Directory site structure. It will first query the global catalog (found using standard DNS lookups) and then select two domain controllers from all site DCs that respond.
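As an added illustration (not Apple's code and not part of the original article), the following Python model walks through the lookup and selection just described, plus the failover to other domain controllers. The host names, the site name "HQ", the probe function and the priority-then-weight ranking are assumptions, since the article does not say how the plug-in ranks the DCs that respond.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Srv:
    """One DNS SRV answer (RFC 2782 fields)."""
    priority: int
    weight: int
    port: int
    target: str

def srv_names(forest: str, domain: str, site: str) -> dict:
    """Standard Active Directory SRV owner names used for discovery."""
    return {
        "global_catalog": f"_gc._tcp.{forest}",
        "site_dcs": f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
    }

def rank(records):
    """Assumed ordering: lowest priority first, then highest weight."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))

def select_dcs(records, responds, count=2, exclude=()):
    """Pick up to `count` site DCs that answer the reachability probe."""
    picks = []
    for rec in rank(records):
        if rec.target not in exclude and responds(rec.target):
            picks.append(rec.target)
        if len(picks) == count:
            break
    return picks

def fail_over(records, responds, current, failed):
    """Replace a failed DC with the next responding one from the site list."""
    keep = [dc for dc in current if dc != failed]
    spare = select_dcs(records, responds, count=1, exclude=set(keep) | {failed})
    return keep + spare

# Constructed sample data: SRV answers for a hypothetical site "HQ".
SITE_DCS = [
    Srv(0, 100, 389, "dc1.corp.example.com"),
    Srv(0, 50, 389, "dc2.corp.example.com"),
    Srv(10, 100, 389, "dc3.corp.example.com"),
]
DOWN = {"dc2.corp.example.com"}          # constructed: dc2 does not answer
probe = lambda host: host not in DOWN    # stand-in for a real LDAP ping

if __name__ == "__main__":
    print(srv_names("corp.example.com", "corp.example.com", "HQ"))
    chosen = select_dcs(SITE_DCS, probe)
    print(chosen, fail_over(SITE_DCS, probe, chosen, "dc1.corp.example.com"))
```

With only three DCs in the site and one already down, losing a second leaves the client on a single controller, which is the case worth checking when you review a site's SRV records.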
The plug-in can then fail over to other domain controllers if there's a problem communicating with the ones it initially selected.

So what can't the plug-in do? Namely, Group Policy. More specifically, the Mac OS X client can't natively consume Group Policy Objects (GPOs), meaning much of the power of AD outside of the directory service is lost on Macs without the use of third-party solutions.
You still need a package that can manage your Macs, even if they can authenticate to the Windows directory service. For more information on the plug-in, check out Apple's whitepaper on.

The more expensive option: Third-party tools

To overcome the no-GPO limitation of Apple's built-in tool, you have to look at a third-party solution, which unfortunately means more budgetary outlay. There are two main options currently on the market: Centrify's and from Thursby Software Solutions.