I recommend you join the Mac Enterprise mailing list, located here: http://lists.psu.edu/archives/macenterprise.html
And I recommend you start reading the Mac OS X Server documentation, here: http://www.apple.com/macosx/server/resources/documentation.html --Matt Ross Ephrata School District ----- Original Message ----- From: David Lum [mailto:david....@nwea.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 17 Oct 2011 14:17:00 -0700 Subject: RE: Macs and vunerabilities > OK you've sold me (well, you and a few hours of Google-Fu), I just put in a > request for Mac mini server and ARD. > > -----Original Message----- > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > Sent: Monday, October 17, 2011 2:14 PM > To: NT System Admin Issues > Subject: RE: Macs and vunerabilities > > According to Apple Remote Desktop, we have 175 macs. That's teacher and > student macs in the elementary classrooms, as well as a mac lab at one of > the middle schools. > > According to 'net view' we have about 650 PCs. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: David Lum > [mailto:david....@nwea.org] > To: NT System Admin Issues > [mailto:ntsysadmin@lyris.sunbelt-software.com] > Sent: Mon, 17 Oct 2011 > 14:01:01 -0700 > Subject: RE: Macs and vunerabilities > > > > How many Mac's and 'Doze OS are you guys managing with these? > > > > -----Original Message----- > > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > > Sent: Monday, October 17, 2011 1:44 PM > > To: NT System Admin Issues > > Subject: RE: Macs and vunerabilities > > > > Unfortunately, no. I wish we did. > > > > And yes, there is a lot on our plates. That is one reason having > > resources like this list is so valuable to us. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: David Lum > > [mailto:david....@nwea.org] > > To: NT System Admin Issues > > [mailto:ntsysadmin@lyris.sunbelt-software.com] > > Sent: Mon, 17 Oct 2011 > > 12:39:44 -0700 > > Subject: RE: Macs and vunerabilities > > > > > > > In this environment do you have a "Mac SE" and a "Windows SE", or > > > does the same person manage both? Seems to be adding quite a bit to > > > one's > > plate. > > > > > > -----Original Message----- > > > From: David Lum [mailto:david....@nwea.org] > > > Sent: Monday, October 17, 2011 9:07 AM > > > To: NT System Admin Issues > > > Subject: RE: Macs and vunerabilities > > > > > > Thanks for all this information Matt, it's greatly appreciated!! > > > > > > -----Original Message----- > > > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > > > Sent: Monday, October 17, 2011 8:57 AM > > > To: NT System Admin Issues > > > Subject: RE: Macs and vunerabilities > > > > > > You are correct, many of these things you cannot do from a Active > > Directory. > > > There may be a few tricks you can use to force some of these (login > > > scripts, remote ssh, etc.) but I'm sure you're more interested in > > > something a little more centralized. > > > > > > If you want the Apple solution, check out Open Directory and Apple > > > Remote Desktop. > > > > > > Open Directory is a component of Mac OS X Server, and it is Apple's > > > attempt at a directory service ala Active Directory, but for Macs. > > > If you do go this route, I recommend joining the Macs to both your > > > Active Directory and the Open directory at the same time. Have your > > > user's login using their AD credentials, while the Macs get their > > > settings from OD. This is what's know in the mac IT circles as the > > > "Golden > > Triangle". > > > > > > Apple Remote Desktop is, at first glance, your basic remote desktop app. > > > But, it's also your software deployment suite and your software > inventory. > > > (As an aside, I wish there was an equivalent to Apple Remote Desktop > > > for windows PCs. Perhaps there is, but not without a per-client > > > cost.) Have a .pkg that needs to be installed? Install it silently > > > on every computer you can see online. Need it installed on offline > computers? > > > Set up ARD to do it automatically when it sees the Macs are seen on > > > the > > network. > > > > > > These solutions are fairly inexpensive, thanks to the aggressive > > > price drops by apple. You need a Mac running Lion (Costs depend on > > > weather you have this already and could be $0), the Lion Server > > > update from apple ($49.99) and optionally Apple Remote Desktop > > > ($79.99, unlimited > > clients). > > > > > > If you don't want to go with the Apple provided solution, there are > > > other methods of making this work. Check out Puppet from Puppet Labs > > > and ADmitMac from Thursby. > > > > > > --- > > > > > > Now that that's said, we here have not moved to Mac OS X Lion (10.7). > > > As of their most recent patch, it appears they have finally resolved > > > some of their active directory integration issues. We as a district > > > are moving away from Macs, simply because of their initial costs are > > difficult to bear. > > > Supporting a Mac's software is easy. Supporting the hardware can be > > > a nightmare. > > > > > > I hope some of this information is useful to you. > > > > > > > > > --Matt Ross > > > Ephrata School District > > > > > > > > > ----- Original Message ----- > > > From: David Lum > > > [mailto:david....@nwea.org] > > > To: NT System Admin Issues > > > [mailto:ntsysadmin@lyris.sunbelt-software.com] > > > Sent: Mon, 17 Oct 2011 > > > 08:16:43 -0700 > > > Subject: RE: Macs and vunerabilities > > > > > > > > > > My concern is all the above. As currently implemented, Mac's on > > > > our network are no different than users home Windows laptops being > > > > allowed to directly connect to our network. I can't imagine anyone > > > > here would say "go ahead and hook your home laptop directly to my > > > > LAN and don't bother joining to the domain". > > > > > > > > I can't audit what's on them for software license compliance > > > > reporting I can't apply GPO's (autoconfigure wireless, browser > > > > settings/favorites, > > > > etc) > > > > I can't remotely deploy software (via GPO or SMS) I can't enforce > > > > anti-virus I can't patch Flash, Java, etc > > > > > > > > Dave > > > > > > > > -----Original Message----- > > > > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > > > > Sent: Monday, October 17, 2011 8:07 AM > > > > To: NT System Admin Issues > > > > Subject: RE: Macs and vunerabilities > > > > > > > > David, from what direction are your concerns coming from? > > > > > > > > Are you concerned how to patch the macs? > > > > Are you concerned about antivirus? > > > > Are you concerned about controlling what the Macs are allowed to do? > > > > > > > > I'm just trying to understand, and perhaps help. > > > > > > > > > > > > --Matt Ross > > > > Ephrata School District > > > > > > > > > > > > ----- Original Message ----- > > > > From: David Lum > > > > [mailto:david....@nwea.org] > > > > To: NT System Admin Issues > > > > [mailto:ntsysadmin@lyris.sunbelt-software.com] > > > > Sent: Thu, 13 Oct 2011 > > > > 15:01:20 -0700 > > > > Subject: RE: Macs and vunerabilities > > > > > > > > > > > > > Well, we're getting a Mac invasion here and there is zero > > > > > apparent concern for managing these things or worrying about > vulnerabilities. > > > > > To get to AD resources they're standing up Win7 VM's but doing > > > > > as much work as possible on the native MacOS. > > > > > > > > > > They can get to the Internet, file shares, printers, e-mail, etc > > > > > on native Mac but I just have alarms going off in my head > > > > > "unmanaged machines with no idea what intellectual property is > > > > > on > > them". > > > > > > > > > > Dave > > > > > > > > > > From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] > > > > > Sent: Thursday, October 13, 2011 2:49 PM > > > > > To: NT System Admin Issues > > > > > Subject: Re: Macs and vunerabilities > > > > > > > > > > I remember the big "mac virus" recently was socially engineered > > > > > - but that's definitely the mac's biggest vulnerability. Given > > > > > that mac users generally believe they are invulnerable, its an > > > > > arguably bigger vector than the same one on a Windows system. > > > > > > > > > > Sent from my POS BlackBerry wireless device, which may wipe > > > > > itself at any moment > > > > > > > > > > ________________________________ > > > > > From: David Lum <david....@nwea.org<mailto:david....@nwea.org>> > > > > > Date: Thu, 13 Oct 2011 21:45:39 +0000 > > > > > To: NT System Admin > > > > > Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@l > > > > > yr > > > > > is > > > > > .s > > > > > unbelt-software.com>> > > > > > ReplyTo: "NT System Admin Issues" > > > > > <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.s > > > > > un > > > > > be > > > > > lt > > > > > -software.com>> > > > > > Subject: Macs and vunerabilities > > > > > > > > > > Does anyone have a link to an article or two that shows > > > > > vulnerabilities that have actually been exploited? Preferably > > > > > not a random > > > > blog post... > > > > > David Lum > > > > > Systems Engineer // NWEATM > > > > > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! > > > > > ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > > > > > ~ > > > > > > > > > > --- > > > > > To manage subscriptions click here: > > > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > > > or send an email to > > > > > listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.s > > > > > un > > > > > be > > > > > lt > > > > > software.com> > > > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! > > > > > ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > > > > > ~ > > > > > > > > > > --- > > > > > To manage subscriptions click here: > > > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > > > or send an email to > > > > > listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.s > > > > > un > > > > > be > > > > > lt > > > > > software.com> > > > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! > > > > > ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > > > > > ~ > > > > > > > > > > --- > > > > > To manage subscriptions click here: > > > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > > > with the body: unsubscribe ntsysadmin > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > --- > > > > To manage subscriptions click here: > > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > --- > > > > To manage subscriptions click here: > > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > with the body: unsubscribe ntsysadmin > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > with the body: unsubscribe ntsysadmin > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to listmana...@lyris.sunbeltsoftware.com > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
