- #Centrify express mac os active directory for mac os x#
- #Centrify express mac os active directory install#
- #Centrify express mac os active directory full#
Each Mac user must be assigned to a zone but can be a member of more than one zone.
#Centrify express mac os active directory for mac os x#
They’re used to apply necessary attributes to user accounts for Mac OS X (as well as other Unix versions) without making major schema changes to Active Directory. Overall, the installation process on both client and server side is very painless, even if you’re not used to working with Macs.ĭirect Control introduces a type of organizational tool called zones. The process is simple and similar to that of joining a Windows PC to a domain. You can join the Mac to a domain using either the command-line tool or the Directory Access utility. The system agent includes a series of command-line tools and a plug-in for Apple’s Directory Access utility. Again, this is a simple installer that can be run either as a Mac OS X installer package or a command-line shell script.
#Centrify express mac os active directory install#
On the client side, you’ll need to install the Mac system agent.
Then you’ll need to use either the Group Policy Management Console or Group Policy Object Editor to add the appropriate administrative templates to a new or existing group policy object. After that, you can add a Centrify snap-in to any Microsoft Management Console for easy management. On the server side, once you’ve run the installer, you need to open the Centrify management console and configure the appropriate Direct Control organization tools. Installing Direct Control and its Mac system agent is extremely simple and straightforward. Further, Direct Control extends Active Directory’s smart-card authentication support to work seamlessly with Mac OS X. Also, Directory Access uses the ADSI protocol.
#Centrify express mac os active directory full#
This means that you must lower the domain security policy for Windows 2003 Server to support Mac clients, which can expose an Active Directory domain to increased risk of network attacks.ĭirect Control for Mac offers full support for signed communication with Active Directory, although it does rely on Apple’s variation of Samba to provide access to file shares and print queue, and this version of Samba doesn’t support signed communication. But it provides no support for configuring a managed user environment.Īnother major limitation is that Apple’s Active Directory solution uses LDAP rather than Microsoft’s ADSI protocol when authenticating users, and it doesn’t support signed LDAP communication. It provides very little support for securing local resources-although, by default, it doesn’t grant Active Directory users local administrator access, so there is some safeguard. But that support is limited to letting users log into a Mac workstation using an Active Directory account. And they still need to be controlled and secured according to company policies and government regulations.Īpple does include some Active Directory support in Although Macs typically make up a small fraction of the total number of PCs in a corporate network, they often still need access to the resources of that network. Direct Control for Mac fulfills a common need.
0 kommentar(er)
