Using Centrify for Windows group policy

Posted on 2013-01-30
Last Modified: 2013-02-18
I was reading an article on this link:

Actually I would like to have our Mac computers under control of windows AD GPOs.
the article states that I need :
- Installing the Centrify DirectManage tools and using Centrify Deployment Manager
but it does not say if It has to be installed on windows domain controller or on another system.

-Using Deployment Manager to install the Centrify DirectControl Agent on target systems and join them to Active Directory.

any prior configuration on Non-windows computers before installing the Centrify DirectControl Agent on them ?

Thank you.
Question by:jskfan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 38838641
It is installed on the client only, you will have to create an OU for centrify.

Author Comment

ID: 38838801
Can you clarify it.
What to install on the client (Mac computers) and what to install in the DC.
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 38838823
You install the client on the MAC and NOTHING on the DC
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.


Author Comment

ID: 38838841
the link says:
Deploying the Centrify Suite consists of two steps:

¦Installing the Centrify DirectManage tools and using Centrify Deployment Manager to discover network non-Windows systems in your environment
¦Using Deployment Manager to install the Centrify DirectControl Agent on target systems and join them to Active Directory

it is confusing

Author Comment

ID: 38846454
any clarification based on the link , please?

how do the MAC specific settings become available in AD Group policy ?

LVL 63

Accepted Solution

btan earned 250 total points
ID: 38850784
Extracted a couple of useful info and para to aid understanding...hope it helps

On UNIX, Linux and Macintosh computers, there is no equivalent to the Windows registry. The de-facto standard for configuration is through text-based configuration files. To enforce Active Directory's Group Policies on these non-Microsoft platforms, DirectControl creates a "virtual registry" to hold the Group Policy configuration settings that apply to that managed system and the users logging in to it.

For each configurable application that a policy applies to, DirectControl provides a specific mapping program that translates these virtual registry settings and updates the appropriate configuration file for that application with the settings defined by the policy.

On each DirectControl-managed computer, the DirectControl Agent is responsible for contacting Active Directory to determine the relevant policies and copying them down to a set of virtual registry files. These policy files are refreshed in the same way they are on Windows systems: when a user logs in, on computer restart, and at periodic intervals defined by Group Policy. Administrators can also update Group Policy on demand.

The Deployment Manager automatically detect Mac OS X systems within your environment and test them for readiness to join Active Directory, helping you identify and eliminate many common issues (such as DNS configuration problems) that slow down deployment of the Centrify DirectControl agent. Deployment Manager can then remotely install DirectControl on these Mac systems, automatically downloading the most current version for you from the Centrify website. You can also centrally update DirectControl on these systems as new releases become available.

The Centrify DirectControl for Mac OS X installation program is also provided in universal binary format, making it easy to deploy DirectControl on individual systems or across the enterprise.

Mac OS X workstations can be treated just like Windows workstations for access control purposes, permitting anyone with an Active Directory account to log in once the Mac has joined the domain. For those organizations, DirectControl's workstation mode streamlines installation using the same methodology to add a Mac workstation to an Active Directory domain as that used to add Windows workstations. The interactive installation program offers users the option to add the Mac in workstation mode. Remote installations can specify workstation mode through command-line parameters.

A major advantage of workstation mode is that the installation process has been streamlined. You do not need to install the Centrify Administrator's Console first. You simply install DirectControl on a Mac and it is automatically joined to Active Directory and appears as a computer object in Active Directory Users and Computers. During workstation installation, Macs are not added to a DirectControl Zone, but if you want to use patented Zone technology to limit access to Macs to a select set of users or groups, it is easy enough to install the Centrify Administrator Console and add those Macs to a Zone. You can have a mixture of Macs in workstation mode and standard mode in Active Directory, giving you the flexibility to apply tighter access controls to select systems as needed.

If you have ~30 min to spare, catch this video

Author Closing Comment

ID: 38904398
Thank you!!

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New IP's needed ASAP 6 83
Domain hosting question about hiding URL 9 51
How ldap located a Domain controller? 22 77
Authenticate against AD from the outside 6 29
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question