Managing single user accounts…

  • #368100
    bentoms
    Participant

    Hi guys,

    I know that when you follow the AD-OD Intergration docs you can manage users via group & computer lists but is it feasilbe to manage users induvidually too… other than via ADmitMAC?

    (I know WGM is can only READ the AD LDAPv3 directory but jus asking…)

    Also, what do you guys think of ADmitMAC? Anything I should look out for when testing?

    #368126
    bentoms
    Participant

    Well, to be honest, a lot!!!

    I work for a London Council with 7,000 employees & some 250+ Macs within that I manage.

    Within this we have a SAN of 320TB (at the moment; it is being doubled soon) & if a user needs access to a share they need to get the correct authorisation… then we (if they are a PC user auto-map as NW Drive to the share) but if I can manage the users then I can do this thru ADmitMac…

    Also application licensing is an issue…. All Macs within computer group MACDESxx will have some apps on them… Now all users within the MACDESxx users team will have access to all the extra installed MACDESxx apps.. but when someone else needs to login (for Disaster Recovery) they may be able to see all of these apps but will not be able to launch them as they do not have rights due to a license not being purchased for those users…

    Does that make sense?

    #368160
    bentoms
    Participant

    Quote by: macshome
    "Unless I’m missing something unique to your setup, setting access rights to a file share is just about having an AD login. As long as the user is in a group that has access to that share they should be able to use it just fine, no MCX needed at all."

    Yep you are missing something… 😉

    I probably didn’t make it that clear…. but you answered my question with your first post but below is the config…

    User john.smith is a designer & part of the D&R/Design group.

    As such he will have access to all MACDESxx (asset tag named) Macs & all applications installed as per their requirements within the build: Quark, CS, as well as the apps set as standard for all Mac Users, Office etc…

    For Disaster Recovery purposes he will also be able to login to any Macs but he will only have access to the apps that he has a license for.

    So, I will create a preset for MACDESxx users & MCX settings via group policy.

    If john.smith requires an application that no others of his team have a license for I will add the application to all MACDESxx Macs via ARD but only allow him to have access…

    Makes sense?

    Quote: "As far as application blacklisting goes you could do that by group. Trying to use mcx to manage 7000 individual client blacklists is going to make your head blow off…"

    There are only going to be 250 Mac Users tops…. & I will be migrating them on a team by team basis… so the workload will be distributed over time… also as all users currently log in locally that little Home Mover app will really come in handy!!

    #368197
    Jake Summers
    Participant

    You may also want to check out Centrify DirectControl (http://www.centrify.com/mac), it integrates Macs (and Unix and Linux systems) into AD and also provides group policies for Macs … basically everything you get in WGM has been implemented as AD GPs for the Mac … just a suggestion …
