HA! I think I still have a copy of Windows 98 SE somewhere around here...
--Matt Ross Ephrata School District ----- Original Message ----- From: Bill Humphries [mailto:nt...@hedgedigger.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 17 Oct 2011 13:00:24 -0700 Subject: Re: Macs and vunerabilities > I have a Mac SE in my attic. I think it needs a harddrive. i hope i > still have the system 7 OS floppies. > > Bill > > > David Lum wrote: > > In this environment do you have a "Mac SE" and a "Windows SE", or does the > same person manage both? Seems to be adding quite a bit to one's plate. > > > > -----Original Message----- > > From: David Lum [mailto:david....@nwea.org] > > Sent: Monday, October 17, 2011 9:07 AM > > To: NT System Admin Issues > > Subject: RE: Macs and vunerabilities > > > > Thanks for all this information Matt, it's greatly appreciated!! > > > > -----Original Message----- > > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > > Sent: Monday, October 17, 2011 8:57 AM > > To: NT System Admin Issues > > Subject: RE: Macs and vunerabilities > > > > You are correct, many of these things you cannot do from a Active > Directory. There may be a few tricks you can use to force some of these > (login scripts, remote ssh, etc.) but I'm sure you're more interested in > something a little more centralized. > > > > If you want the Apple solution, check out Open Directory and Apple Remote > Desktop. > > > > Open Directory is a component of Mac OS X Server, and it is Apple's > attempt at a directory service ala Active Directory, but for Macs. If you do > go this route, I recommend joining the Macs to both your Active Directory > and the Open directory at the same time. Have your user's login using their > AD credentials, while the Macs get their settings from OD. This is what's > know in the mac IT circles as the "Golden Triangle". > > > > Apple Remote Desktop is, at first glance, your basic remote desktop app. > But, it's also your software deployment suite and your software inventory. > (As an aside, I wish there was an equivalent to Apple Remote Desktop for > windows PCs. Perhaps there is, but not without a per-client cost.) Have a > .pkg that needs to be installed? Install it silently on every computer you > can see online. Need it installed on offline computers? Set up ARD to do it > automatically when it sees the Macs are seen on the network. > > > > These solutions are fairly inexpensive, thanks to the aggressive price > drops by apple. You need a Mac running Lion (Costs depend on weather you > have this already and could be $0), the Lion Server update from apple > ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited clients). > > > > If you don't want to go with the Apple provided solution, there are other > methods of making this work. Check out Puppet from Puppet Labs and ADmitMac > from Thursby. > > > > --- > > > > Now that that's said, we here have not moved to Mac OS X Lion (10.7). As > of their most recent patch, it appears they have finally resolved some of > their active directory integration issues. We as a district are moving away > from Macs, simply because of their initial costs are difficult to bear. > Supporting a Mac's software is easy. Supporting the hardware can be a > nightmare. > > > > I hope some of this information is useful to you. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: David Lum > > [mailto:david....@nwea.org] > > To: NT System Admin Issues > > [mailto:ntsysadmin@lyris.sunbelt-software.com] > > Sent: Mon, 17 Oct 2011 > > 08:16:43 -0700 > > Subject: RE: Macs and vunerabilities > > > > > > > >> My concern is all the above. As currently implemented, Mac's on our > >> network are no different than users home Windows laptops being allowed > >> to directly connect to our network. I can't imagine anyone here would > >> say "go ahead and hook your home laptop directly to my LAN and don't > >> bother joining to the domain". > >> > >> I can't audit what's on them for software license compliance reporting > >> I can't apply GPO's (autoconfigure wireless, browser > >> settings/favorites, > >> etc) > >> I can't remotely deploy software (via GPO or SMS) I can't enforce > >> anti-virus I can't patch Flash, Java, etc > >> > >> Dave > >> > >> -----Original Message----- > >> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > >> Sent: Monday, October 17, 2011 8:07 AM > >> To: NT System Admin Issues > >> Subject: RE: Macs and vunerabilities > >> > >> David, from what direction are your concerns coming from? > >> > >> Are you concerned how to patch the macs? > >> Are you concerned about antivirus? > >> Are you concerned about controlling what the Macs are allowed to do? > >> > >> I'm just trying to understand, and perhaps help. > >> > >> > >> --Matt Ross > >> Ephrata School District > >> > >> > >> ----- Original Message ----- > >> From: David Lum > >> [mailto:david....@nwea.org] > >> To: NT System Admin Issues > >> [mailto:ntsysadmin@lyris.sunbelt-software.com] > >> Sent: Thu, 13 Oct 2011 > >> 15:01:20 -0700 > >> Subject: RE: Macs and vunerabilities > >> > >> > >> > >>> Well, we're getting a Mac invasion here and there is zero apparent > >>> concern for managing these things or worrying about vulnerabilities. > >>> To get to AD resources they're standing up Win7 VM's but doing as > >>> much work as possible on the native MacOS. > >>> > >>> They can get to the Internet, file shares, printers, e-mail, etc on > >>> native Mac but I just have alarms going off in my head "unmanaged > >>> machines with no idea what intellectual property is on them". > >>> > >>> Dave > >>> > >>> From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] > >>> Sent: Thursday, October 13, 2011 2:49 PM > >>> To: NT System Admin Issues > >>> Subject: Re: Macs and vunerabilities > >>> > >>> I remember the big "mac virus" recently was socially engineered - > >>> but that's definitely the mac's biggest vulnerability. Given that > >>> mac users generally believe they are invulnerable, its an arguably > >>> bigger vector than the same one on a Windows system. > >>> > >>> Sent from my POS BlackBerry wireless device, which may wipe itself > >>> at any moment > >>> > >>> ________________________________ > >>> From: David Lum <david....@nwea.org<mailto:david....@nwea.org>> > >>> Date: Thu, 13 Oct 2011 21:45:39 +0000 > >>> To: NT System Admin > >>> Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris > >>> .s > >>> unbelt-software.com>> > >>> ReplyTo: "NT System Admin Issues" > >>> <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbe > >>> lt > >>> -software.com>> > >>> Subject: Macs and vunerabilities > >>> > >>> Does anyone have a link to an article or two that shows > >>> vulnerabilities that have actually been exploited? Preferably not a > >>> random > >>> > >> blog post... > >> > >>> David Lum > >>> Systems Engineer // NWEATM > >>> Office 503.548.5229 // Cell (voice/text) 503.267.9764 > >>> > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to > >>> listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbe > >>> lt > >>> software.com> > >>> with the body: unsubscribe ntsysadmin > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to > >>> listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbe > >>> lt > >>> software.com> > >>> with the body: unsubscribe ntsysadmin > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to listmana...@lyris.sunbeltsoftware.com > >>> with the body: unsubscribe ntsysadmin > >>> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to listmana...@lyris.sunbeltsoftware.com > >> with the body: unsubscribe ntsysadmin > >> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to listmana...@lyris.sunbeltsoftware.com > >> with the body: unsubscribe ntsysadmin > >> > >> > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin