Solved

Applying Restrictions to Mac OS X via Group Policy?

Posted on 2012-03-20
3
645 Views
Last Modified: 2012-04-25
Hello,

We have recently purchased 10 iMacs which we wish to use for network users. We currently use windows server 2008 with active directory and apply restrictions to the workstations using group policy applied to the users.

We wish to have a similar set up for the iMacs so restricting a group of users from installing applications, altering system applications, changing settings etc on the Mac OS X Platform. I have looked on the internet to find out how to do this however have come up with very little information.

I'm looking for an open source or an affordable solution that can manage security and restrictions on a mac remotely by applying it to user groups. Any ideas on this would be great.

Thank you,
0
Comment
Question by:alumwell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 37741636
Since GPO's depend mostly on the registry. While OS X thankfully doesn't have that dinosaur, it does make it tricky. I am including a link to an older article that does address some third party solutions:  http://www.macworld.com/article/1056791/activedirectory.html

Here is also a link to the Centrify page:  http://www.centrify.com/directcontrol/mac_os_x.asp
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
ID: 37742682
The easiest (but not free) way is to get OS X server, and configure the restrictions in Open Directory using workgroup manager. Lion Server is only aprox $50, but will need a mac to run on.

A more limited, easy, free, but more limited method would be to use parental controls, built into the OS. These can be administered centrally from another mac, but the settings are applied individually, rather than to groups.

You can also set up and manually/semiautomatically distribute the managed prefs files (the same files that would be automatically picked up by a machine bound to Open Directory in the first example). Savvy users with admin access to their machines could potentially override this method by deleting the files, however.
0
 
LVL 2

Expert Comment

by:amnhtech
ID: 37747174
We are looking into Centrify (centrify.com) as a way to manage OS X with Active Directory.  It is not cheap or open source.  We just in the research phase but it seems much easier than setting up a open directory server.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question