• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1422
  • Last Modified:

Using Centrify for Windows group policy

I was reading an article on this link:

Actually I would like to have our Mac computers under control of windows AD GPOs.
the article states that I need :
- Installing the Centrify DirectManage tools and using Centrify Deployment Manager
but it does not say if It has to be installed on windows domain controller or on another system.

-Using Deployment Manager to install the Centrify DirectControl Agent on target systems and join them to Active Directory.

any prior configuration on Non-windows computers before installing the Centrify DirectControl Agent on them ?

Thank you.
  • 4
  • 2
3 Solutions
David Johnson, CD, MVPOwnerCommented:
It is installed on the client only, you will have to create an OU for centrify.
jskfanAuthor Commented:
Can you clarify it.
What to install on the client (Mac computers) and what to install in the DC.
David Johnson, CD, MVPOwnerCommented:
You install the client on the MAC and NOTHING on the DC
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

jskfanAuthor Commented:
the link says:
Deploying the Centrify Suite consists of two steps:

┬ŽInstalling the Centrify DirectManage tools and using Centrify Deployment Manager to discover network non-Windows systems in your environment
┬ŽUsing Deployment Manager to install the Centrify DirectControl Agent on target systems and join them to Active Directory

it is confusing
jskfanAuthor Commented:
any clarification based on the link , please?

how do the MAC specific settings become available in AD Group policy ?

btanExec ConsultantCommented:
Extracted a couple of useful info and para to aid understanding...hope it helps

On UNIX, Linux and Macintosh computers, there is no equivalent to the Windows registry. The de-facto standard for configuration is through text-based configuration files. To enforce Active Directory's Group Policies on these non-Microsoft platforms, DirectControl creates a "virtual registry" to hold the Group Policy configuration settings that apply to that managed system and the users logging in to it.

For each configurable application that a policy applies to, DirectControl provides a specific mapping program that translates these virtual registry settings and updates the appropriate configuration file for that application with the settings defined by the policy.

On each DirectControl-managed computer, the DirectControl Agent is responsible for contacting Active Directory to determine the relevant policies and copying them down to a set of virtual registry files. These policy files are refreshed in the same way they are on Windows systems: when a user logs in, on computer restart, and at periodic intervals defined by Group Policy. Administrators can also update Group Policy on demand.


The Deployment Manager automatically detect Mac OS X systems within your environment and test them for readiness to join Active Directory, helping you identify and eliminate many common issues (such as DNS configuration problems) that slow down deployment of the Centrify DirectControl agent. Deployment Manager can then remotely install DirectControl on these Mac systems, automatically downloading the most current version for you from the Centrify website. You can also centrally update DirectControl on these systems as new releases become available.

The Centrify DirectControl for Mac OS X installation program is also provided in universal binary format, making it easy to deploy DirectControl on individual systems or across the enterprise.

Mac OS X workstations can be treated just like Windows workstations for access control purposes, permitting anyone with an Active Directory account to log in once the Mac has joined the domain. For those organizations, DirectControl's workstation mode streamlines installation using the same methodology to add a Mac workstation to an Active Directory domain as that used to add Windows workstations. The interactive installation program offers users the option to add the Mac in workstation mode. Remote installations can specify workstation mode through command-line parameters.

A major advantage of workstation mode is that the installation process has been streamlined. You do not need to install the Centrify Administrator's Console first. You simply install DirectControl on a Mac and it is automatically joined to Active Directory and appears as a computer object in Active Directory Users and Computers. During workstation installation, Macs are not added to a DirectControl Zone, but if you want to use patented Zone technology to limit access to Macs to a select set of users or groups, it is easy enough to install the Centrify Administrator Console and add those Macs to a Zone. You can have a mixture of Macs in workstation mode and standard mode in Active Directory, giving you the flexibility to apply tighter access controls to select systems as needed.


If you have ~30 min to spare, catch this video

jskfanAuthor Commented:
Thank you!!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now