Mac Systems Management 75
johannacw writes "This story has in-depth info about managing Macs using Apple's Managed Preferences architecture. It covers how to use the 14 built-in systems-management areas, how preferences interact, how to secure workstations, and how to help users access resources including applications and printers. It's a must-read for any systems admin working in a Mac or mixed environment. Written by Ryan Faas, this is a follow-up to his popular Inside Apple's Workgroup Manager."
Interesting but.... (Score:3)
Re:Interesting but.... (Score:5, Informative)
Re:Interesting but.... (Score:5, Informative)
If you really need to blend in with your Active Directory environment, you can bypass workgroup manager altogether and go with ADmit Mac by Thursby Software. Though on the pricey side, it allows you to do much more from with AD than the standard features of OS X. The last time I checked, it even allowed you to apply certain types of group policies onto the managed Macs... very cool stuff.
Re:Interesting but.... (Score:4, Funny)
Couldn't resist..
Another alternative - Centrify (Score:2)
Another alternative to a Golden Triangle is to use Centrify for the Mac [centrify.com] if you have Windows sysadmins who just won't countenance a Mac server. Centrify uses the same underlying mechanisms as Workgroup Manager but lets a directory admin on a Windows server manage the Macs as though he were applying GPO's to Windows machines. While I think a Golden Triangle is preferable, Centrify works well when you just can't install a Mac OS X Server.
--Paul
Re: AdmitMac is bad software (Score:2)
The worst bug: AdmitMac will simply refuse to allow a user, and sometimes even a local administrator from logging in! It did this from the earliest version we used in 2006 to the last version in early 2007. I would get late night and weekend calls from the CFO or the CEO that they couldn't log in an
Re: (Score:1)
Re: (Score:2)
Make sure your Mac is plugged into the network, then go to /Applications/Utilities/Directory Access.app. In the services tab, make sure "Active Directory" is checked/enabled. Then click on "Active Directory" so it's highlighted, and press "Configure". It will ask you for your domain settings. In addition, go do
Re: (Score:1)
Re: (Score:2)
A basic article about a 2-year-old OS is news? (Score:1, Insightful)
Re: (Score:1)
Re: (Score:1, Funny)
FMs are less read than FAs!
I'm sorry, I don't understand... what is this "editor" you speak of?
Re: (Score:1)
Re:A basic article about a 2-year-old OS is news? (Score:5, Funny)
Indeed - this so-called-article is taking up valuable iPhone fluff story screen real estate.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Are you trying to turn any intelligent discussion into an OS flamewar? Yes, maybe your dick is bigger, but you still don't get laid. Get a life. Or a pussy. Or better both.
Re: (Score:2)
Of course it didn't. On Slashdot, those two things are just assumed.
"Are you trying to turn any intelligent discussion into"
Re:Manage your macs... (Score:4, Funny)
1) turn on mac
2)periodically remind typical mac user that the computer is not thirsty and does not require watering like a plant.
Re: (Score:1, Offtopic)
Macs aren't supposed to be "managed" (Score:1, Troll)
Re: (Score:2)
Re: (Score:1)
I'm not even sure that they were supposed to even let me in this coffeeshop with my MS-laden beast. It doesn't even have a glowing logo on the lid. I think I was grandfathered in because I'm so "old".
iFree-spirited... hee.
Re: (Score:1)
Re:You can hardly manage the Mac from there (Score:5, Insightful)
And I don't get what your second problem is. If you had personal file sharing turned on, then your Linux box must've been connecting to your Mac via afp.
I think you're just very confused.
Re: (Score:2)
no, you are wrong (Score:1)
I agree with this point, as I wish that I could specify a particular folder to share, but overall, since I am running client software, and use file servers when in an environment of other user
Re: (Score:2)
Although you say that the applications and user data are available for all to see, this is only true if you've chosen very bad passwords. You can disable sharepoints by removing the Sharedir property. Also, a change of permissions will yield similar results. Personally I prefer a more locked-down system by default but this isn't OpenBSD we're talking about, so
Re: (Score:2)
Valid point, although it's not as though they aren't passworded (which your post almost seems to imply). Complexity is sacrificed for ease-of-use, though whether this is a good thing or not is, I suppose, ultimately down to who is using the system. For the average user, it won't be a problem, because they probably won't know what Windows File Sharing is, and if they do, it will be sufficient.
Re: (Score:2)
The password handling problems of Samba in OSX are k
Re: (Score:2)
Interesting. The key thing is, though, were you able to see the whole hard disk via Windows File Sharing (i.e. port 139, SMB/CIFS) or via Apple File Sharing (i.e. port 548, AFP). It takes some effort to get Linux to talk to AFP shares, if memory serves, which means that it is far more likely that it was via Windows File Sharing. In the latter case, i
Re: (Score:2)
As for the password handling in samba on my Mac, I'll look into that a bit more. It is confusing; I can't use the same smb.conf on my Mac as I have on my Linux box. For some reason that doesn't work properly. I'm at work now, and it has been a while since I last tried to configure Samba for the Mac, so unfortunately I can't tell yo
Re: (Score:2)
Re: (Score:2)
Indeed you cannot, and this has a lot to do with what I alluded to in an earlier post - I suspect that rather than using the smbpasswd file (as Linux does), Mac OS X uses NetInfo. Just transplanting a Linux-oriented smb.conf into your Mac will thus not work.
I think you need to be a bit clearer about what's doing what. It is certainly true that Apple File Sharing will share your whole hard disk, but you need to log on as one of the users
Re: (Score:2)
Go to Control Panel, Networking, Right click on the interface you want to remove sharing from, and remove File and Printer sharing? You talk the talk, but can you walk the walk? (just kidding, I'm one of those mediocre Linux types, though I'd be fine with editing smb.conf now that I know it's there on OS X). Also you can check your shares by right clicking on My Computer, then choose Manage, then Shared Folders->Shares. Sad
Re: (Score:2)
Ah yes. It's all coming back to me now. These days, I only venture into network device properties to turn off the fucking firewall...
iqu
Re: (Score:1)
It's GUI based. You can either install the Application version, or the "System Preferences" version, both which are available in the download.
You can setup SMB shares for Windows/Linux/Mac clients, or AFS shares for Mac/Linux clients (not sure if Windows does AFS - never looked into it).
After setting up a SMB share, ensure that "Windows Sharing" is enabled under "Sharing" in
Re: (Score:1)
http://www.macupdate.com/info.php/id/8658/sharepoi nts [macupdate.com]
it may give you some correctly configured config files that you can then just copy over to all the client computers.
Since it just uses an absolute path, you should be able to set up a Windoze shared folder that's the same path on every computer. I use this to share a non-home-folder folder, with it's own user/pw.
from the command-line (Score:3, Insightful)
http://www.macosxhints.com/article.php?story=2001
Re: (Score:2)
Re: (Score:1)
system administration (Score:2, Insightful)
Re: (Score:3, Informative)
andrea-lakelands-computer:~ corrin$ cat
IGNORE THIS FILE.
This file does nothing, contains no useful data, and might go away in
future releases. Do not depend on this file or its contents.
--
As you can see, apart from the warning it now contains nothing (this is on 10.4.10). I think on 10.3 it contained the warning and mounted volumes ala
Re: (Score:1)
It's the same kind of person who likes using the Windows GUI for server config. It's just they way they want to do it; it feels easier to them; companies are well within their rights to keep that market segment appeased. Now, don't let that stop your CLI/GUI holy wars [elsewhere.org][jargon file], though (see many of the comments in the recent story stating netcraft confirms IIS gaining on Apache [slashdot.org] for a decent example of these kind of people as well as a ongoing holy war fought on the shores of our own beloved /.).
I, f
Re:system administration (Score:4, Informative)
Mac OS X Server Command-Line Administration PDF [apple.com]
Here's a web page with all the manuals for Mac OS X Server, lots of good information there:
Apple Server Documentation [apple.com]
Re: (Score:2)
But where are the ready-made commands to paste into terminal? The neat perl scripts? I thought the whole point of Mac was that you could use the UNIX underneath for administration?
In my experience OS X administration is pretty much the same as administrating a BSD, Linux or Unix system. There are and always will be differences between them but the basic principles are the same. On OS X I very rarely go for point and click interfaces except the System Preferences and the Disk Utility and I can usually transfer what I know about Linux/BSD/Unix to OS X.
I mean if the extent of possibilities is "click here, then click here" you might as well run server 2003.
Contrary to what seems to be the popular opinion, Windows 2003 server has a quite powerful command-line interface. For some reason sur
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
At work we have both a Windows 2003 domain controller, which looks after authentication and file sharing for everybody, and a Mac OS X server, which provides the equivalent of group policies for the Apple machines used.
Workgroup Manager (Score:3, Interesting)
It's part in the Server Admin Tools: http://www.apple.com/support/downloads/serveradmi
I don't know if the license/installer says you have to have a Mac OS X Server installation to use them, because I haven't looked.
Mixed Messages (Score:2)
Used this for a long time (Score:3, Interesting)
It's kinda like Active Directory but much more simple, open and you can integrate it with other (non-Mac) systems since it's pure LDAP (over SSL) and Kerberos. There is even a feature to integrate and manage your Windows machines without using Active Directory. Combine it with Apple Remote Desktop and Apple's Software Update Service and you can deploy whatever package or update you want within seconds (it uses multicasting to save on bandwidth, eat that Microsoft)
Whoooo you can remotely manage a computer (Score:1)