| Author | Messages | |
JackKopenski
Posts:17
 | | 03/02/2010 3:33 PM |
|
We have recently added our first Mac to our AD domain as a test and so
we have the question, "how to manage them with GPO's"? I have found 3
vendors (Quest, Centrify, and Likewise) with products for this so is
anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
| | | |
| shanewilliford
Posts:36
| | 03/02/2010 3:45 PM |
| We use Centrify, but it isn’t reliable. What I mean by this is they aren’t OS version independent like Windows GP is. Policies don’t work as concretely as Windows GP and work minimally unless on a static MAC OS version. I know Windows has issues as well sometimes, thus this list ☺ ….but, Centrify *really* doesn’t work too well. It does however work well for AD access, Home directory redirection, and auditing (since users authenticate with DCs). I’m not sure if the GP issue is Centrify-specific…it may be like that with any MAC-integrated solution. But, with my experience with Centrify is that GP security is shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so we have the question, "how to manage them with GPO's"? I have found 3 vendors (Quest, Centrify, and Likewise) with products for this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| JackKopenski
Posts:17
| | 03/02/2010 4:31 PM |
| Shane,
Initially I need the security settings (password settings, locking
screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by this is they
aren't OS version independent like Windows GP is. Policies don't work as
concretely as Windows GP and work minimally unless on a static MAC OS
version. I know Windows has issues as well sometimes, thus this list J
....but, Centrify *really* doesn't work too well. It does however work
well for AD access, Home directory redirection, and auditing (since
users authenticate with DCs). I'm not sure if the GP issue is
Centrify-specific...it may be like that with any MAC-integrated
solution. But, with my experience with Centrify is that GP security is
shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org <mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so
we have the question, "how to manage them with GPO's"? I have found 3
vendors (Quest, Centrify, and Likewise) with products for this so is
anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain
confidential and/ or legally privileged information intended only for
the use of the individual(s) named above. Review, use, disclosure,
distribution, or forwarding of this information by persons or entities
other than the intended recipient(s) is prohibited by law and may
subject them to criminal or civil liabilities. Statements and opinion
expressed in this e-mail may not represent those of Mazuma Credit Union.
All e-mail communications through Mazuma's corporate email system are
subject to archiving and review by someone other than the recipient. If
you have received this communication in error, please notify the sender
immediately and delete/destroy any and all copies of the original
message from any computer or network system.
| | | |
| shanewilliford
Posts:36
| | 03/02/2010 5:44 PM |
| Yes...as MAC OS versions at my org differ.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 10:29 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Shane,
Initially I need the security settings (password settings, locking screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by this is they aren't OS version independent like Windows GP is. Policies don't work as concretely as Windows GP and work minimally unless on a static MAC OS version. I know Windows has issues as well sometimes, thus this list  ....but, Centrify *really* doesn't work too well. It does however work well for AD access, Home directory redirection, and auditing (since users authenticate with DCs). I'm not sure if the GP issue is Centrify-specific...it may be like that with any MAC-integrated solution. But, with my experience with Centrify is that GP security is shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so we have the question, "how to manage them with GPO's"? I have found 3 vendors (Quest, Centrify, and Likewise) with products for this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| dmarelia
Posts:230
| | 03/02/2010 6:15 PM |
| I will add a bit to the conversation. While I don't have hands-on practical experience using these 3rd party solutions, I do have architectural understanding of the Quest/Vintela solution and have generally been impressed by how they implemented their GP extensions. Perhaps others can pipe in with practical knowledge-I know that Quest was somewhat late to the party with their Mac support but I know the folks that worked on it and they are smart and generally do great architecture.
That being said, any of these implementations of GP on non-Windows are going to be fraught with challenges, because each of the vendors has essentially had to build their own GP engine from scratch-none of them exactly mimics the behavior and function of GP on Windows.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 9:43 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Yes...as MAC OS versions at my org differ.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 10:29 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Shane,
Initially I need the security settings (password settings, locking screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by this is they aren't OS version independent like Windows GP is. Policies don't work as concretely as Windows GP and work minimally unless on a static MAC OS version. I know Windows has issues as well sometimes, thus this list ....but, Centrify *really* doesn't work too well. It does however work well for AD access, Home directory redirection, and auditing (since users authenticate with DCs). I'm not sure if the GP issue is Centrify-specific...it may be like that with any MAC-integrated solution. But, with my experience with Centrify is that GP security is shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so we have the question, "how to manage them with GPO's"? I have found 3 vendors (Quest, Centrify, and Likewise) with products for this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| mike.elliottuk
Posts:29
| | 03/02/2010 8:57 PM |
| Anybody tried AdmitMac from Thursby software?
On 2 March 2010 18:13, Darren Mar-Elia <darren@sdmsoftware.com> wrote:
> I will add a bit to the conversation. While I don’t have hands-on
> practical experience using these 3rd party solutions, I do have
> architectural understanding of the Quest/Vintela solution and have generally
> been impressed by how they implemented their GP extensions. Perhaps others
> can pipe in with practical knowledge—I know that Quest was somewhat late to
> the party with their Mac support but I know the folks that worked on it and
> they are smart and generally do great architecture.
>
>
>
> That being said, any of these implementations of GP on non-Windows are
> going to be fraught with challenges, because each of the vendors has
> essentially had to build their own GP engine from scratch—none of them
> exactly mimics the behavior and function of GP on Windows.
>
>
>
> Darren
>
>
>
> *From:* gptalk-owner@lists.gpoguy.com [mailto:
> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Shane Williford
> *Sent:* Tuesday, March 02, 2010 9:43 AM
>
> *To:* gptalk@lists.gpoguy.com
> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>
>
>
> Yes…as MAC OS versions at my org differ.
>
>
>
> Shane M. Williford
>
> Systems Administrator
>
> VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
>
> Mazuma Credit Union
>
> 9300 Troost
>
> Kansas City, MO 64131
>
> shane.williford@mazuma.org
>
> 816-361-4194 x6012
>
>
>
> *From:* gptalk-owner@lists.gpoguy.com [mailto:
> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Kopenski, Jack
> *Sent:* Tuesday, March 02, 2010 10:29 AM
> *To:* gptalk@lists.gpoguy.com
> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>
>
>
> Shane,
>
>
>
> Initially I need the security settings (password settings, locking screen
> saving, etc). Do you have problems with those?
>
>
>
> Jack
>
>
> ------------------------------
>
> *From:* gptalk-owner@lists.gpoguy.com [mailto:
> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Shane Williford
> *Sent:* Tuesday, March 02, 2010 10:41 AM
> *To:* gptalk@lists.gpoguy.com
> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>
> We use Centrify, but it isn’t reliable. What I mean by this is they aren’t
> OS version *independent* like Windows GP is. Policies don’t work as
> concretely as Windows GP and work minimally unless on a static MAC OS
> version. I know Windows has issues as well sometimes, thus this list J….but, Centrify *
> *really** doesn’t work too well. It does however work well for AD access,
> Home directory redirection, and auditing (since users authenticate with
> DCs). I’m not sure if the GP issue is Centrify-specific…it may be like that
> with any MAC-integrated solution. But, with my experience with Centrify is
> that GP security is shakey at best.
>
>
> Regards.
>
>
>
> Shane M. Williford
>
> Systems Administrator
>
> VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
>
> Mazuma Credit Union
>
> 9300 Troost
>
> Kansas City, MO 64131
>
> shane.williford@mazuma.org
>
> 816-361-4194 x6012
>
>
>
> *From:* gptalk-owner@lists.gpoguy.com [mailto:
> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Kopenski, Jack
> *Sent:* Tuesday, March 02, 2010 9:30 AM
> *To:* gptalk@lists.gpoguy.com
> *Subject:* [gptalk] Managing Mac's with Group Policy
>
>
>
>
>
> We have recently added our first Mac to our AD domain as a test and so we
> have the question, "how to manage them with GPO's"? I have found 3 vendors
> (Quest, Centrify, and Likewise) with products for this so is anyone using
> these, or others?
>
> Any problems when Mac's and Group Policy meet?
>
> Thanks,
>
> Jack.Kopenski@compuware.com
>
>
>
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or disclose
> it to anyone else. If you received it in error please notify us immediately
> and then destroy it.
>
>
> ------------------------------
>
> Notice: The information transmitted in this e-mail may contain confidential
> and/ or legally privileged information intended only for the use of the
> individual(s) named above. Review, use, disclosure, distribution, or
> forwarding of this information by persons or entities other than the
> intended recipient(s) is prohibited by law and may subject them to criminal
> or civil liabilities. Statements and opinion expressed in this e-mail may
> not represent those of Mazuma Credit Union. All e-mail communications
> through Mazuma's corporate email system are subject to archiving and review
> by someone other than the recipient. If you have received this communication
> in error, please notify the sender immediately and delete/destroy any and
> all copies of the original message from any computer or network system.
>
| | | |
| JackKopenski
Posts:17
| | 03/03/2010 2:42 PM |
| Thanks Mike, that makes 4 vendors I have found. I am really surprised
there seems to be so little info from the gptalk world. I guess Macs in
AD and Group Policy is not a big issue.
________________________________
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Mike Elliott
Sent: Tuesday, March 02, 2010 3:56 PM
To: gptalk@lists.gpoguy.com
Subject: Re: [gptalk] Managing Mac's with Group Policy
Available here http://www.thursby.com/products/admitmac.html
On 2 March 2010 20:55, Mike Elliott <mike.elliottuk@gmail.com> wrote:
Anybody tried AdmitMac from Thursby software?
On 2 March 2010 18:13, Darren Mar-Elia <darren@sdmsoftware.com>
wrote:
I will add a bit to the conversation. While I don't have
hands-on practical experience using these 3rd party solutions, I do have
architectural understanding of the Quest/Vintela solution and have
generally been impressed by how they implemented their GP extensions.
Perhaps others can pipe in with practical knowledge-I know that Quest
was somewhat late to the party with their Mac support but I know the
folks that worked on it and they are smart and generally do great
architecture.
That being said, any of these implementations of GP on
non-Windows are going to be fraught with challenges, because each of the
vendors has essentially had to build their own GP engine from
scratch-none of them exactly mimics the behavior and function of GP on
Windows.
Darren
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 9:43 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Yes...as MAC OS versions at my org differ.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 10:29 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Shane,
Initially I need the security settings (password
settings, locking screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by
this is they aren't OS version independent like Windows GP is. Policies
don't work as concretely as Windows GP and work minimally unless on a
static MAC OS version. I know Windows has issues as well sometimes, thus
this list J ....but, Centrify *really* doesn't work too well. It does
however work well for AD access, Home directory redirection, and
auditing (since users authenticate with DCs). I'm not sure if the GP
issue is Centrify-specific...it may be like that with any MAC-integrated
solution. But, with my experience with Centrify is that GP security is
shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com
[mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as
a test and so we have the question, "how to manage them with GPO's"? I
have found 3 vendors (Quest, Centrify, and Likewise) with products for
this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com
The contents of this e-mail are intended for the named
addressee only. It contains information that may be confidential. Unless
you are the named addressee or an authorized designee, you may not copy
or use it, or disclose it to anyone else. If you received it in error
please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may
contain confidential and/ or legally privileged information intended
only for the use of the individual(s) named above. Review, use,
disclosure, distribution, or forwarding of this information by persons
or entities other than the intended recipient(s) is prohibited by law
and may subject them to criminal or civil liabilities. Statements and
opinion expressed in this e-mail may not represent those of Mazuma
Credit Union. All e-mail communications through Mazuma's corporate email
system are subject to archiving and review by someone other than the
recipient. If you have received this communication in error, please
notify the sender immediately and delete/destroy any and all copies of
the original message from any computer or network system.
| | | |
| mike.elliottuk
Posts:29
| | 03/03/2010 3:20 PM |
| Anybody know if macs can take advantage of site awareness when in AD?
On 3 March 2010 14:40, Kopenski, Jack <Jack.Kopenski@compuware.com> wrote:
> Thanks Mike, that makes 4 vendors I have found. I am really surprised
> there seems to be so little info from the gptalk world. I guess Macs in AD
> and Group Policy is not a big issue.
>
> ------------------------------
> *From:* gptalk-owner@lists.gpoguy.com [mailto:
> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Mike Elliott
> *Sent:* Tuesday, March 02, 2010 3:56 PM
>
> *To:* gptalk@lists.gpoguy.com
> *Subject:* Re: [gptalk] Managing Mac's with Group Policy
>
> Available here http://www.thursby.com/products/admitmac.html
>
>
>
> On 2 March 2010 20:55, Mike Elliott <mike.elliottuk@gmail.com> wrote:
>
>> Anybody tried AdmitMac from Thursby software?
>>
>>
>> On 2 March 2010 18:13, Darren Mar-Elia <darren@sdmsoftware.com> wrote:
>>
>>> I will add a bit to the conversation. While I don’t have hands-on
>>> practical experience using these 3rd party solutions, I do have
>>> architectural understanding of the Quest/Vintela solution and have generally
>>> been impressed by how they implemented their GP extensions. Perhaps others
>>> can pipe in with practical knowledge—I know that Quest was somewhat late to
>>> the party with their Mac support but I know the folks that worked on it and
>>> they are smart and generally do great architecture.
>>>
>>>
>>>
>>> That being said, any of these implementations of GP on non-Windows are
>>> going to be fraught with challenges, because each of the vendors has
>>> essentially had to build their own GP engine from scratch—none of them
>>> exactly mimics the behavior and function of GP on Windows.
>>>
>>>
>>>
>>> Darren
>>>
>>>
>>>
>>> *From:* gptalk-owner@lists.gpoguy.com [mailto:
>>> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Shane Williford
>>> *Sent:* Tuesday, March 02, 2010 9:43 AM
>>>
>>> *To:* gptalk@lists.gpoguy.com
>>> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>>>
>>>
>>>
>>> Yes…as MAC OS versions at my org differ.
>>>
>>>
>>>
>>> Shane M. Williford
>>>
>>> Systems Administrator
>>>
>>> VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
>>>
>>> Mazuma Credit Union
>>>
>>> 9300 Troost
>>>
>>> Kansas City, MO 64131
>>>
>>> shane.williford@mazuma.org
>>>
>>> 816-361-4194 x6012
>>>
>>>
>>>
>>> *From:* gptalk-owner@lists.gpoguy.com [mailto:
>>> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Kopenski, Jack
>>> *Sent:* Tuesday, March 02, 2010 10:29 AM
>>> *To:* gptalk@lists.gpoguy.com
>>> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>>>
>>>
>>>
>>> Shane,
>>>
>>>
>>>
>>> Initially I need the security settings (password settings, locking screen
>>> saving, etc). Do you have problems with those?
>>>
>>>
>>>
>>> Jack
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* gptalk-owner@lists.gpoguy.com [mailto:
>>> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Shane Williford
>>> *Sent:* Tuesday, March 02, 2010 10:41 AM
>>> *To:* gptalk@lists.gpoguy.com
>>> *Subject:* RE: [gptalk] Managing Mac's with Group Policy
>>>
>>> We use Centrify, but it isn’t reliable. What I mean by this is they
>>> aren’t OS version *independent* like Windows GP is. Policies don’t work
>>> as concretely as Windows GP and work minimally unless on a static MAC OS
>>> version. I know Windows has issues as well sometimes, thus this list J….but, Centrify *
>>> *really** doesn’t work too well. It does however work well for AD
>>> access, Home directory redirection, and auditing (since users authenticate
>>> with DCs). I’m not sure if the GP issue is Centrify-specific…it may be like
>>> that with any MAC-integrated solution. But, with my experience with Centrify
>>> is that GP security is shakey at best.
>>>
>>>
>>> Regards.
>>>
>>>
>>>
>>> Shane M. Williford
>>>
>>> Systems Administrator
>>>
>>> VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
>>>
>>> Mazuma Credit Union
>>>
>>> 9300 Troost
>>>
>>> Kansas City, MO 64131
>>>
>>> shane.williford@mazuma.org
>>>
>>> 816-361-4194 x6012
>>>
>>>
>>>
>>> *From:* gptalk-owner@lists.gpoguy.com [mailto:
>>> gptalk-owner@lists.gpoguy.com] *On Behalf Of *Kopenski, Jack
>>> *Sent:* Tuesday, March 02, 2010 9:30 AM
>>> *To:* gptalk@lists.gpoguy.com
>>> *Subject:* [gptalk] Managing Mac's with Group Policy
>>>
>>>
>>>
>>>
>>>
>>> We have recently added our first Mac to our AD domain as a test and so we
>>> have the question, "how to manage them with GPO's"? I have found 3 vendors
>>> (Quest, Centrify, and Likewise) with products for this so is anyone using
>>> these, or others?
>>>
>>> Any problems when Mac's and Group Policy meet?
>>>
>>> Thanks,
>>>
>>> Jack.Kopenski@compuware.com
>>>
>>>
>>>
>>>
>>>
>>>
>>> The contents of this e-mail are intended for the named addressee only. It
>>> contains information that may be confidential. Unless you are the named
>>> addressee or an authorized designee, you may not copy or use it, or disclose
>>> it to anyone else. If you received it in error please notify us immediately
>>> and then destroy it.
>>>
>>>
>>> ------------------------------
>>>
>>> Notice: The information transmitted in this e-mail may contain
>>> confidential and/ or legally privileged information intended only for the
>>> use of the individual(s) named above. Review, use, disclosure, distribution,
>>> or forwarding of this information by persons or entities other than the
>>> intended recipient(s) is prohibited by law and may subject them to criminal
>>> or civil liabilities. Statements and opinion expressed in this e-mail may
>>> not represent those of Mazuma Credit Union. All e-mail communications
>>> through Mazuma's corporate email system are subject to archiving and review
>>> by someone other than the recipient. If you have received this communication
>>> in error, please notify the sender immediately and delete/destroy any and
>>> all copies of the original message from any computer or network system.
>>>
>>
>>
>
| | | |
| dmarelia
Posts:230
| | 03/03/2010 4:38 PM |
| Jack-
I know folks are using it out there, but I think its still a small percentage of the overall population of non-Windows integrated clients. Perhaps you'll find more takers if you post this same question to the ActiveDir mailing list?
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Kopenski, Jack
Sent: Wednesday, March 03, 2010 6:40 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Thanks Mike, that makes 4 vendors I have found. I am really surprised there seems to be so little info from the gptalk world. I guess Macs in AD and Group Policy is not a big issue.
________________________________
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Mike Elliott
Sent: Tuesday, March 02, 2010 3:56 PM
To: gptalk@lists.gpoguy.com
Subject: Re: [gptalk] Managing Mac's with Group Policy
Available here http://www.thursby.com/products/admitmac.html
On 2 March 2010 20:55, Mike Elliott <mike.elliottuk@gmail.com<mailto:mike.elliottuk@gmail.com>> wrote:
Anybody tried AdmitMac from Thursby software?
On 2 March 2010 18:13, Darren Mar-Elia <darren@sdmsoftware.com<mailto:darren@sdmsoftware.com>> wrote:
I will add a bit to the conversation. While I don't have hands-on practical experience using these 3rd party solutions, I do have architectural understanding of the Quest/Vintela solution and have generally been impressed by how they implemented their GP extensions. Perhaps others can pipe in with practical knowledge-I know that Quest was somewhat late to the party with their Mac support but I know the folks that worked on it and they are smart and generally do great architecture.
That being said, any of these implementations of GP on non-Windows are going to be fraught with challenges, because each of the vendors has essentially had to build their own GP engine from scratch-none of them exactly mimics the behavior and function of GP on Windows.
Darren
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 9:43 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
Yes...as MAC OS versions at my org differ.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 10:29 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
Shane,
Initially I need the security settings (password settings, locking screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by this is they aren't OS version independent like Windows GP is. Policies don't work as concretely as Windows GP and work minimally unless on a static MAC OS version. I know Windows has issues as well sometimes, thus this list ....but, Centrify *really* doesn't work too well. It does however work well for AD access, Home directory redirection, and auditing (since users authenticate with DCs). I'm not sure if the GP issue is Centrify-specific...it may be like that with any MAC-integrated solution. But, with my experience with Centrify is that GP security is shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so we have the question, "how to manage them with GPO's"? I have found 3 vendors (Quest, Centrify, and Likewise) with products for this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com<mailto:Jack.Kopenski@compuware.com>
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| shanewilliford
Posts:36
| | 03/03/2010 4:42 PM |
| Yes...they do; they authenticate on the subnet they are configured for just like PCs, just as Darren mentions.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Darren Mar-Elia
Sent: Wednesday, March 03, 2010 10:38 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] Managing Mac's with Group Policy
Mike-
If you mean whether Macs will authenticate to their closest AD domain controller, I suspect it depends on the vendor implementation of their AD authentication client, but from what I've seen, most of the vendors do seem to be able to do this.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Mike Elliott
Sent: Wednesday, March 03, 2010 7:19 AM
To: gptalk@lists.gpoguy.com
Subject: Re: [gptalk] Managing Mac's with Group Policy
Anybody know if macs can take advantage of site awareness when in AD?
On 3 March 2010 14:40, Kopenski, Jack <Jack.Kopenski@compuware.com<mailto:Jack.Kopenski@compuware.com>> wrote:
Thanks Mike, that makes 4 vendors I have found. I am really surprised there seems to be so little info from the gptalk world. I guess Macs in AD and Group Policy is not a big issue.
________________________________
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Mike Elliott
Sent: Tuesday, March 02, 2010 3:56 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: Re: [gptalk] Managing Mac's with Group Policy
Available here http://www.thursby.com/products/admitmac.html
On 2 March 2010 20:55, Mike Elliott <mike.elliottuk@gmail.com<mailto:mike.elliottuk@gmail.com>> wrote:
Anybody tried AdmitMac from Thursby software?
On 2 March 2010 18:13, Darren Mar-Elia <darren@sdmsoftware.com<mailto:darren@sdmsoftware.com>> wrote:
I will add a bit to the conversation. While I don't have hands-on practical experience using these 3rd party solutions, I do have architectural understanding of the Quest/Vintela solution and have generally been impressed by how they implemented their GP extensions. Perhaps others can pipe in with practical knowledge-I know that Quest was somewhat late to the party with their Mac support but I know the folks that worked on it and they are smart and generally do great architecture.
That being said, any of these implementations of GP on non-Windows are going to be fraught with challenges, because each of the vendors has essentially had to build their own GP engine from scratch-none of them exactly mimics the behavior and function of GP on Windows.
Darren
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 9:43 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
Yes...as MAC OS versions at my org differ.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 10:29 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
Shane,
Initially I need the security settings (password settings, locking screen saving, etc). Do you have problems with those?
Jack
________________________________
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Shane Williford
Sent: Tuesday, March 02, 2010 10:41 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Managing Mac's with Group Policy
We use Centrify, but it isn't reliable. What I mean by this is they aren't OS version independent like Windows GP is. Policies don't work as concretely as Windows GP and work minimally unless on a static MAC OS version. I know Windows has issues as well sometimes, thus this list ....but, Centrify *really* doesn't work too well. It does however work well for AD access, Home directory redirection, and auditing (since users authenticate with DCs). I'm not sure if the GP issue is Centrify-specific...it may be like that with any MAC-integrated solution. But, with my experience with Centrify is that GP security is shakey at best.
Regards.
Shane M. Williford
Systems Administrator
VCP3, MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@mazuma.org<mailto:shane.williford@mazuma.org>
816-361-4194 x6012
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Kopenski, Jack
Sent: Tuesday, March 02, 2010 9:30 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: [gptalk] Managing Mac's with Group Policy
We have recently added our first Mac to our AD domain as a test and so we have the question, "how to manage them with GPO's"? I have found 3 vendors (Quest, Centrify, and Likewise) with products for this so is anyone using these, or others?
Any problems when Mac's and Group Policy meet?
Thanks,
Jack.Kopenski@compuware.com<mailto:Jack.Kopenski@compuware.com>
The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
|
|