Magic Triangle and AD authentication with OD WGM

[dabyblos]

Hi All,
We’re using an OD WGM (10.5) and AD (win2k3). Users are in AD groups and those groups are in OD groups for User Group Management. I have found that since we are authenticating against the AD, Users that are not within OD groups are still able to login to the Macs and not receive WGM management. I understand why this could happen. My question is, how do I prevent it (or is my setup wrong)? I dont want to add every user into a wgm user group (as we have 1000s of users not using Mac and to much management) or add a top level OU, then every user will be in 2 or more groups (potential user error logging into wrong group). What would be good is to prevent users from login in to a Mac if they are not in an OD group. Any idea welcome.
Thanx

[arekdreyer]

Remember that you can apply management at the user, computer, and workgroup level. So if an AD user isn’t a member of a workgroup, they are certainly logging in to a computer, so manage at that level.

Consider setting up a Guest computer record, and applying your managed preferences there.

The Guest computer record applies to computers that are not part of a computer list or computer group; if you have computer lists or groups defined, then apply managed preferences at that level.

One of the preferences at the computer level is to allow only members of certain workgroups to log in, which would disallow the AD users (that aren’t part of an OD workgroup) from logging in.

[dabyblos]

Thanks, that’s given me some things to try.

[Author]

Posts