[catfeetstop]

Thanks for your input, this helps.

[QUOTE][u]Quote by: gneagle[/u][p][QUOTE][u]Quote by: catfeetstop[/u][p]I’m new to enterprise Mac administration and I’m trying to figure out the best way to handle admin rights on our client Macs. I’ve looked around already and I know a lot of these questions have been answered elsewhere but I’m still having a hard time understanding the topic. If you have references to those other answers I’d love to see them. I still have some questions that I was looking for your input on and would love to hear your experiences. We’d like to create the best user experience possible and we don’t think our users will be happy if every time they want to install/update software or use the Mac AppStore they have to wait for a Sysadmin’s interaction.

Currently in our setup, our users login to their Macs as “standard” users using their AD credentials. We have our AD schema extended to allow MCX management through Workgroup Manager. Our Sysadmins administer the client computers because of the “Allow administration by…” option of the AD plugin. We have a growing number of Macs in our business and my questions are:

1. How do you guys handle admin accounts for client computers?[/QUOTE]

We give admin rights to regular users only if absolutely needed.

[/p][/QUOTE]

[catfeetstop]

This is so incredibly helpful. Thank you so much for your input!

[QUOTE][u]Quote by: tlarkin[/u][p][QUOTE][u]Quote by: catfeetstop[/u][p]I’m new to enterprise Mac administration and I’m trying to figure out the best way to handle admin rights on our client Macs. I’ve looked around already and I know a lot of these questions have been answered elsewhere but I’m still having a hard time understanding the topic. If you have references to those other answers I’d love to see them. I still have some questions that I was looking for your input on and would love to hear your experiences. We’d like to create the best user experience possible and we don’t think our users will be happy if every time they want to install/update software or use the Mac AppStore they have to wait for a Sysadmin’s interaction.

Currently in our setup, our users login to their Macs as “standard” users using their AD credentials. We have our AD schema extended to allow MCX management through Workgroup Manager. Our Sysadmins administer the client computers because of the “Allow administration by…” option of the AD plugin. We have a growing number of Macs in our business and my questions are:

1. How do you guys handle admin accounts for client computers?[/quote]

I work in academia, so we have departments. Students are never given admin rights at all. Optional software is done via Self Service installs the students can trigger themselves (part of Casper Suite). Other departments and staff are granted admin rights, but we just roll out a local admin account for them to use. They still log into their own network account which is managed (very lightly) and when they need to use admin credentials to install their own software or whatever, they just use the local admin account they are given. Which is a separate account from all other local accounts so I can zap it or mass password change it if it gets leaked or abused.

[/p][/QUOTE]

[catfeetstop]

BTW, we’re using the Snow Leopard server version 10.6.7.

[Author]

Posts