Solved

Applying Restrictions to Mac OS X via Group Policy?

Posted on 2012-03-20
3
651 Views
Last Modified: 2012-04-25
Hello,

We have recently purchased 10 iMacs which we wish to use for network users. We currently use windows server 2008 with active directory and apply restrictions to the workstations using group policy applied to the users.

We wish to have a similar set up for the iMacs so restricting a group of users from installing applications, altering system applications, changing settings etc on the Mac OS X Platform. I have looked on the internet to find out how to do this however have come up with very little information.

I'm looking for an open source or an affordable solution that can manage security and restrictions on a mac remotely by applying it to user groups. Any ideas on this would be great.

Thank you,
0
Comment
Question by:alumwell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 37741636
Since GPO's depend mostly on the registry. While OS X thankfully doesn't have that dinosaur, it does make it tricky. I am including a link to an older article that does address some third party solutions:  http://www.macworld.com/article/1056791/activedirectory.html

Here is also a link to the Centrify page:  http://www.centrify.com/directcontrol/mac_os_x.asp
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
ID: 37742682
The easiest (but not free) way is to get OS X server, and configure the restrictions in Open Directory using workgroup manager. Lion Server is only aprox $50, but will need a mac to run on.

A more limited, easy, free, but more limited method would be to use parental controls, built into the OS. These can be administered centrally from another mac, but the settings are applied individually, rather than to groups.

You can also set up and manually/semiautomatically distribute the managed prefs files (the same files that would be automatically picked up by a machine bound to Open Directory in the first example). Savvy users with admin access to their machines could potentially override this method by deleting the files, however.
0
 
LVL 2

Expert Comment

by:amnhtech
ID: 37747174
We are looking into Centrify (centrify.com) as a way to manage OS X with Active Directory.  It is not cheap or open source.  We just in the research phase but it seems much easier than setting up a open directory server.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question