Managing Macs in an Active Directory Domain

What is the best way to manage Macs in an Active Directory domain?
We have around 12.
We have issues such as when a user changes their AD password they keep getting locked out because of keychain passwords saved, etc.
We also can't push out Group Policy,
can't remote access,
use central storage, etc.

If you have Mountain Lion, you could try the following update, which has a fix for an issue that could cause Active Directory accounts to be locked out after accessing the Security & Privacy pane in System Preferences.
As you probably already know, if you bind the Macs to AD you should be able to have the user change their passwords at the appropriate time. The keychain thing is an issue, but the first time they access a resource they should be able to put in the new password and opt to save it in the keychain again.

You're right, you can't push out GPOs because GPOs typically write to the registry and Macs, thankfully, don't have a registry.

You should be able to remotely access your Macs. In System Preferences, under Sharing, you can set remote login and screen and file sharing and enter a password that VNC users can use to remotely access the Mac. You can also use LogMeIn to access a Mac. There's a LogMeIn plugin for the Mac that works pretty well.

By central storage, if you are talking about accessing a share on a server, then, yes, the Mac can do that. You can manually access a share in Finder by clicking on the Go menu item and selecting to connect to a server. From there, enter smb://servername/sharename. The only thing that differs from Windows is that you can't make it permanent. There is a way around that by placing the call to the share in the Login Items in System Preferences - Users & Groups (or Accounts, depending on the OS X you are using). This will mount the share when the user logs in.
