Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Mac users local admin rights on Windows domain

Posted on 2014-10-09
2
Medium Priority
?
289 Views
Last Modified: 2014-10-28
We currently have several Macs on a Windows domain. We have not deployed any mechanism to manage the macs remotely aside from screen sharing via VNC. These users tend to be graphic artists and video editors. As a result, they are constantly downloading Adobe cloud updates and paintbrushes that require admin rights to install. This is becoming detrimental to their workflow and my staff resources.

What is the best practice for mac users on a windows network operating with admin rights?

Many thanks!
0
Comment
Question by:Dan Caudill
2 Comments
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 1000 total points
ID: 40372737
Probably "best practice" is to not give anyone, a Mac or PC user, admin rights on their own computer.  However, as you can see, that is sometimes fraught with extra work for IT and extra frustration for the users. We made the decision years ago to make all users local administrators of every computer (except servers) in the company. Over the last 15-20 years it has probably saved us tons of man-hours in IT and not caused any major issues.
0
 
LVL 31

Accepted Solution

by:
serialband earned 1000 total points
ID: 40373021
I disagree with the supposed "best practice" of denying admin rights for everyone on a Mac.  The only place I see that as "best practice" might be at a school, where multiple users have access to the same systems and the students are more computer savvy than the teachers.  You just don't want them messing around with settings and screwing it up for the next class.

In a normal workforce, I see no reason in not giving local Mac admin rights to a responsible user on their given system.  They are responsible for their work system and completing the work and not destroying their system with viruses and trojans.  You supposedly trained them when they were hired.  If you have an employee that constantly downloads questionable material or messes up their settings, then you might restrict access.  There is a way to restrict admin access to certain programs, so that they could still do the updates for those programs but not give access to other programs.  You have to do it via the command line.  The GUI is currently inadequate for fine tuning certain configurations on a Mac.  Giving a Mac user admin rights, does not affect your windows domain.

It's determined by environment and user base.  Systems that have multiple users should be restricted.  Systems that have a single user don't really have to be if users are trained.  I see no problem with giving a capable workforce local admin rights on the their system.  You only have to take it away when they prove that they don't deserve it.  I would say this privilege applies to Windows systems as well.


P.S. One Caveat, what I said above applies at this time when Macs are still being overlooked by viruses and trojans, because it's still, relatively, a niche market.  There was already one OSX worm a week or 2 ago that targeted macs.  The attacks are eventually coming, but users still can't mess up their Macs with the drive-by downloads for Windows.  One day, Apple will need to add to the "Allow user to administer this computer" with more options than just giving them full admin/root access.  You only have the option to give full access in the Systems and Preferences GUI, but you can adjust that on the command line with /etc/sudoers.  They'll eventually have to come up with an equivalent Power Users setting.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hyper-convergence systems have taken the IT world by storm and have quickly started to change our point of view of how the data center should and could be architected. In this article, I’ll explain the benefits of employing a hyper-converged system …
While there are many new features for iOS 11, these are the five that can improve your digital lifestyle.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question