Applying Restrictions to Mac OS X via Group Policy?

Hello,

We have recently purchased 10 iMacs which we wish to use for network users. We currently use windows server 2008 with active directory and apply restrictions to the workstations using group policy applied to the users.

We wish to have a similar set up for the iMacs so restricting a group of users from installing applications, altering system applications, changing settings etc on the Mac OS X Platform. I have looked on the internet to find out how to do this however have come up with very little information.

I'm looking for an open source or an affordable solution that can manage security and restrictions on a mac remotely by applying it to user groups. Any ideas on this would be great.

Thank you,
alumwellAsked:
Who is Participating?
 
nxnwConnect With a Mentor Commented:
The easiest (but not free) way is to get OS X server, and configure the restrictions in Open Directory using workgroup manager. Lion Server is only aprox $50, but will need a mac to run on.

A more limited, easy, free, but more limited method would be to use parental controls, built into the OS. These can be administered centrally from another mac, but the settings are applied individually, rather than to groups.

You can also set up and manually/semiautomatically distribute the managed prefs files (the same files that would be automatically picked up by a machine bound to Open Directory in the first example). Savvy users with admin access to their machines could potentially override this method by deleting the files, however.
0
 
jhyieslaCommented:
Since GPO's depend mostly on the registry. While OS X thankfully doesn't have that dinosaur, it does make it tricky. I am including a link to an older article that does address some third party solutions:  http://www.macworld.com/article/1056791/activedirectory.html

Here is also a link to the Centrify page:  http://www.centrify.com/directcontrol/mac_os_x.asp
0
 
amnhtechCommented:
We are looking into Centrify (centrify.com) as a way to manage OS X with Active Directory.  It is not cheap or open source.  We just in the research phase but it seems much easier than setting up a open directory server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.