Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Mac users local admin rights on Windows domain

Posted on 2014-10-09
2
Medium Priority
?
284 Views
Last Modified: 2014-10-28
We currently have several Macs on a Windows domain. We have not deployed any mechanism to manage the macs remotely aside from screen sharing via VNC. These users tend to be graphic artists and video editors. As a result, they are constantly downloading Adobe cloud updates and paintbrushes that require admin rights to install. This is becoming detrimental to their workflow and my staff resources.

What is the best practice for mac users on a windows network operating with admin rights?

Many thanks!
0
Comment
Question by:Dan Caudill
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 1000 total points
ID: 40372737
Probably "best practice" is to not give anyone, a Mac or PC user, admin rights on their own computer.  However, as you can see, that is sometimes fraught with extra work for IT and extra frustration for the users. We made the decision years ago to make all users local administrators of every computer (except servers) in the company. Over the last 15-20 years it has probably saved us tons of man-hours in IT and not caused any major issues.
0
 
LVL 30

Accepted Solution

by:
serialband earned 1000 total points
ID: 40373021
I disagree with the supposed "best practice" of denying admin rights for everyone on a Mac.  The only place I see that as "best practice" might be at a school, where multiple users have access to the same systems and the students are more computer savvy than the teachers.  You just don't want them messing around with settings and screwing it up for the next class.

In a normal workforce, I see no reason in not giving local Mac admin rights to a responsible user on their given system.  They are responsible for their work system and completing the work and not destroying their system with viruses and trojans.  You supposedly trained them when they were hired.  If you have an employee that constantly downloads questionable material or messes up their settings, then you might restrict access.  There is a way to restrict admin access to certain programs, so that they could still do the updates for those programs but not give access to other programs.  You have to do it via the command line.  The GUI is currently inadequate for fine tuning certain configurations on a Mac.  Giving a Mac user admin rights, does not affect your windows domain.

It's determined by environment and user base.  Systems that have multiple users should be restricted.  Systems that have a single user don't really have to be if users are trained.  I see no problem with giving a capable workforce local admin rights on the their system.  You only have to take it away when they prove that they don't deserve it.  I would say this privilege applies to Windows systems as well.


P.S. One Caveat, what I said above applies at this time when Macs are still being overlooked by viruses and trojans, because it's still, relatively, a niche market.  There was already one OSX worm a week or 2 ago that targeted macs.  The attacks are eventually coming, but users still can't mess up their Macs with the drive-by downloads for Windows.  One day, Apple will need to add to the "Allow user to administer this computer" with more options than just giving them full admin/root access.  You only have the option to give full access in the Systems and Preferences GUI, but you can adjust that on the command line with /etc/sudoers.  They'll eventually have to come up with an equivalent Power Users setting.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question