Solved

Applying Restrictions to Mac OS X via Group Policy?

Posted on 2012-03-20
3
617 Views
Last Modified: 2012-04-25
Hello,

We have recently purchased 10 iMacs which we wish to use for network users. We currently use windows server 2008 with active directory and apply restrictions to the workstations using group policy applied to the users.

We wish to have a similar set up for the iMacs so restricting a group of users from installing applications, altering system applications, changing settings etc on the Mac OS X Platform. I have looked on the internet to find out how to do this however have come up with very little information.

I'm looking for an open source or an affordable solution that can manage security and restrictions on a mac remotely by applying it to user groups. Any ideas on this would be great.

Thank you,
0
Comment
Question by:alumwell
3 Comments
 
LVL 28

Expert Comment

by:jhyiesla
Comment Utility
Since GPO's depend mostly on the registry. While OS X thankfully doesn't have that dinosaur, it does make it tricky. I am including a link to an older article that does address some third party solutions:  http://www.macworld.com/article/1056791/activedirectory.html

Here is also a link to the Centrify page:  http://www.centrify.com/directcontrol/mac_os_x.asp
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
Comment Utility
The easiest (but not free) way is to get OS X server, and configure the restrictions in Open Directory using workgroup manager. Lion Server is only aprox $50, but will need a mac to run on.

A more limited, easy, free, but more limited method would be to use parental controls, built into the OS. These can be administered centrally from another mac, but the settings are applied individually, rather than to groups.

You can also set up and manually/semiautomatically distribute the managed prefs files (the same files that would be automatically picked up by a machine bound to Open Directory in the first example). Savvy users with admin access to their machines could potentially override this method by deleting the files, however.
0
 
LVL 2

Expert Comment

by:amnhtech
Comment Utility
We are looking into Centrify (centrify.com) as a way to manage OS X with Active Directory.  It is not cheap or open source.  We just in the research phase but it seems much easier than setting up a open directory server.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now