Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Applying Restrictions to Mac OS X via Group Policy?

Posted on 2012-03-20
3
Medium Priority
?
689 Views
Last Modified: 2012-04-25
Hello,

We have recently purchased 10 iMacs which we wish to use for network users. We currently use windows server 2008 with active directory and apply restrictions to the workstations using group policy applied to the users.

We wish to have a similar set up for the iMacs so restricting a group of users from installing applications, altering system applications, changing settings etc on the Mac OS X Platform. I have looked on the internet to find out how to do this however have come up with very little information.

I'm looking for an open source or an affordable solution that can manage security and restrictions on a mac remotely by applying it to user groups. Any ideas on this would be great.

Thank you,
0
Comment
Question by:alumwell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 37741636
Since GPO's depend mostly on the registry. While OS X thankfully doesn't have that dinosaur, it does make it tricky. I am including a link to an older article that does address some third party solutions:  http://www.macworld.com/article/1056791/activedirectory.html

Here is also a link to the Centrify page:  http://www.centrify.com/directcontrol/mac_os_x.asp
0
 
LVL 12

Accepted Solution

by:
nxnw earned 2000 total points
ID: 37742682
The easiest (but not free) way is to get OS X server, and configure the restrictions in Open Directory using workgroup manager. Lion Server is only aprox $50, but will need a mac to run on.

A more limited, easy, free, but more limited method would be to use parental controls, built into the OS. These can be administered centrally from another mac, but the settings are applied individually, rather than to groups.

You can also set up and manually/semiautomatically distribute the managed prefs files (the same files that would be automatically picked up by a machine bound to Open Directory in the first example). Savvy users with admin access to their machines could potentially override this method by deleting the files, however.
0
 
LVL 2

Expert Comment

by:amnhtech
ID: 37747174
We are looking into Centrify (centrify.com) as a way to manage OS X with Active Directory.  It is not cheap or open source.  We just in the research phase but it seems much easier than setting up a open directory server.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question