?
Solved

Is there a downside

Posted on 2012-03-14
4
Medium Priority
?
227 Views
Last Modified: 2012-04-16
Our school has gone dual platform by adding Macs.  The infrastructure is still Windows, but there is a problem when Mac users connect to their home folder.  Initially it was a matter of staff having access to others folders by virtue of the group they belonged to if we gave that group access right at the root folder it propagated down.  If we removed the group from the root and gave the access just to the home folder, users found that when opening documents, the were unable to save changes, would have to perform a save as, which produced clutter.  
I now see that if I share the users individual folder and allow them to connect all seems to work as it should, plus can restrict access.
Not sure if this is the best way, also wondering if there is a down side to having so many shares, because this would need to happen for all staff (mac users) 110+ and possibly students.  If there is something that would work better, open to other ideas.

Thanks
0
Comment
Question by:ISSit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 37719480
0
 
LVL 3

Expert Comment

by:minder49
ID: 37773042
I was thinking along the same lines as IanTh.  If your school uses Active Directory, and the Macs are running at least Snow Leopard, integrating the Macs into your current AD structure is a snap.

User accounts are set up in AD, including Home Directories.  This will set the permissions you want automatically.  The next step is to configure the Macs to authenticate against your AD.

My company had about 10 Macs when I started, and now we are up to 30.  I have been configuring the new Macs this way for a while now and slowly converting the others.  Saves a lot of management and logon issues!
0
 

Author Comment

by:ISSit
ID: 37837098
Minder49, maybe I need to check further.  We have found that the way the permissions were set, if a teacher was a member of a group and we gave that group access to the root folder, on the mac a user could drill down and at least see the contents of another users folder.  Sharing and giving access to the share to the one person was the only way I have found thus far to stop it.  Centrify was taken off the table because of cost.
0
 
LVL 3

Accepted Solution

by:
minder49 earned 800 total points
ID: 37839901
The permissions that I referred to were for the Home folders on the AD network that are mapped when the user logs in.  These will follow the user on any Mac they log into.  Since these home folders are on the network and not the Mac, only domain admins or other users with rights can access them.  It is a variation of the roaming profile concept for AD.  

If many users need access to a common folder, you can set up network shares on the AD network and map to them form the Macs.  This way, all of your permissions are set in AD and will follow the users if they log on to multiple Macs.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question