Home Forums OS X Server and Client Discussion Active Directory AD Group Policy on Mac Clients

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 14, 2005 at 3:20 pm #362322
    Anonymous
    Guest

    Hello,

    We are currently running an entirely PC infrastructure with Win2k3 servers and XP clients. We are looking to add about 50 G5 workstations for the next year. Obviously I wanted a universal login between the two platforms, which I have achieved via Directory Access on my tester mac client, but the next steps im a little stumped on.

    First: How do I mount a users home folder on login? It seems easy to do manually, but is there a way I can do this so I dont have to manually create a script on every machine?

    Second: I know this is easily done with OS X server, but is there a way I can get my mac clients to have desktop restrictions via Windows Group Policy? Or is this the holy grail which hasn’t quite been found yet?

    thanks

    July 15, 2005 at 3:20 am #362329
    AMSR
    Participant

    The AD plugin should try to mount the home specified in the “Profile” tab in the Account Properties pane in AD. Note, that you will need at least “list” permissions on all of the folders up to and including your home directory for it to mount. The AD plugin takes the UNC path to the home and converts it to URL type string like:

    \\server\folder\home

    smb://server.example.com/folder/home

    It then tries to mount the share on the desktop using AFP or SMB, whatever you select.

    As for the group policies, the Mac has no idea what windows group policy objects are all about. What you’d need to do is either extend the AD schema with the Apple management schema (this would allow you to use workgroup manager against AD and manage your macs), or use an Open Directory server in addition to AD to supplement the management data.

    July 18, 2005 at 9:28 pm #362362
    Anonymous
    Guest

    [QUOTE BY= AMSR]What you’d need to do is either extend the AD schema with the Apple management schema (this would allow you to use workgroup manager against AD and manage your macs), or use an Open Directory server in addition to AD to supplement the management data.

    [/QUOTE]

    Couldyou elaborate on the Apple management Schema? Google isnt giving me much on the subject, and it seems like the best option for our system.

    July 21, 2005 at 9:29 pm #362434
    dom9inic
    Participant

    Good to know about the AD schema and home dir mounting being specified in the profile rather than logon script. I think that might be why I’ve had no success yet with SMB home dirs mounting as peeking at the AD schema shows no homeDir specified in lookupd.

    Cheers,

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2026 AFP548. All Rights Reserved.