Precisely, with OD /WGM there¹s no central mgmt console whereby an admin can tell which/what policy is applied to what group. Administration easily becoems a nightmare without 3rd party mgmt software such as Centrify.
Whereas the latest GPMC boasts some thousands of settings that can be administered centrally, Apple¹s WGM doesn¹t even provide an admin the ability to manage smething as simple (and built-in!) as Safari (e.g. Adding a default favorites/bookmarks folder), manage multiple home tabs...etc. On 9/7/10 8:33 PM, "Andrew S. Baker" <asbz...@gmail.com> wrote: >>> >>How does Microsoft's Active Directory manage users/computers better than >>> Apple's Open Directory? > > What is the Apple equivalent of Group Policy? > > > > ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > Exploiting Technology for Business Advantage... > > > On Tue, Sep 7, 2010 at 7:40 PM, Matthew W. Ross <mr...@ephrataschools.org> > wrote: >> That does make it difficult. Then again, so would any dual-booting Linux user >> on a PC. If you don't want them to do it, don't allow them too. (We make them >> choose one or the other.) >> >> Users with their own personal VMs in VMWare Player or VirtualBox also make >> management frustrating. >> >> How does Microsoft's Active Directory manage users/computers better than >> Apple's Open Directory? >> >> Our district requires a count of computers at least once a year. We do >> physical counts, not some network scan to see what's out there. That, >> happily, resolves any "Dual personality" problem. (Not to mention the >> teachers squirm a little when I ask there the Projector that was assigned to >> them is.) >> >> Oh, and I do admit that we're not a large school. 1000 computers across 6 >> locations isn't all that much compared to some. But it's a lot for 3 people, >> and I'm the only Mac/Linux/Network guy. >> >> <own horn>Toot!</own horn> >> >> >> --Matt Ross >> Ephrata School District >> >> >> ----- Original Message ----- >> From: Brian Desmond >> [mailto:br...@briandesmond.com] >> To: NT System Admin Issues >> [mailto:ntsysad...@lyris.sunbelt-software.com] >> Sent: Tue, 07 Sep 2010 >> 15:37:13 -0700 >> Subject: RE: Mac and Windows mix >> >> >>> > My experience having worked for one of the largest school districts in the >>> > US is that the solution you outlined doesn't really scale. I've seen it >>> work >>> > well for relatively small environments but once you introduce a large >>> number >>> > of Mac machines, things get difficult. When the solution works, you're >>> still >>> > looking at some significant management overhead and duplication of >>> > infrastructure. >>> > >>> > The key issue I've seen with Macs recently is their newfound bipolar >>> > disorder. One day they're a Mac, the next day they're a PC. Good luck >>> > accounting for that in your asset database. >>> > >>> > Thanks, >>> > Brian Desmond >>> > br...@briandesmond.com >>> > >>> > c - 312.731.3132 >>> > >>> > >>> > >>> > -----Original Message----- >>> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] >>> > Sent: Tuesday, September 07, 2010 11:54 AM >>> > To: NT System Admin Issues >>> > Subject: RE: Mac and Windows mix >>> > >>> > Macs are not the burden you make them sound to be. >>> > >>> > Integrating a Mac into a windows network is never going to be painless; >>> the >>> > two systems are inherently different. If what you want is a Windows >>> > experience from your Mac, install Windows. >>> > >>> > Now not everybody likes MacOS X, but the same can be said for Windows. >>> > Insert the problem of subjective preference here. >>> > >>> > Personally, I love working on my iMac, and managing the other Macs in our >>> > district is very easy if you use the provided Apple tools: Mac OS X >>> server, >>> > Open Directory, and Apple Remote Desktop. >>> > >>> > Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. I >>> do >>> > like that software upgrades are cheaper for Mac, but I don't like how >>> apple >>> > drops support for anything that is not the current generation or the >>> > previous one. If you're 2 generations back, you're out of luck. >>> > >>> > What can a Mac do that a PC Can't? Nothing. But I would argue that >>> > competition is one of the pillars of innovation. Without Mac OS X >>> competing >>> > against Windows, what would Windows look like today? >>> > >>> > >>> > --Matt Ross >>> > Ephrata School District >>> > >>> > >>> > ----- Original Message ----- >>> > From: James Hill >>> > [mailto:james.h...@superamart.com.au] >>> > To: NT System Admin Issues >>> > [mailto:ntsysad...@lyris.sunbelt-software.com] >>> > Sent: Sun, 05 Sep 2010 >>> > 19:28:49 -0700 >>> > Subject: RE: Mac and Windows mix >>> > >>> > >>>> > > We have pretty much eliminated all of the Mac's here. >>>> > > >>>> > > We didn't have 3rd party products to manage them so they always >>>> > > required so much manual interaction. Any global change we made we >>>> > > could easily automate with PC's thanks to group policy etc but it was >>>> > > always a manual change for the Mac's. >>>> > > >>>> > > They really aren't a corporate product imo. You only have to look to >>>> > > Apple for a corporate grade management solution to realise that it >>>> doesn't >>> > exist. >>>> > > >>>> > > They do indeed need patching (http://support.apple.com/kb/HT1222) and >>>> > > there is AV products for them. Symantec has one for example. >>>> > > Personally I think the day is coming when someone will write a decent >>>> > > bit of malware/virus for them and 99% plus will get caught out by it. >>>> > > There is a very misguided opinion amongst the Apple community that >>>> > > they are safe. Apple's false advertising only strengthens this. The >>>> > > facts are that Mac's are more vulnerable than the PC world >>>> > > http://www.crn.com/security/226200083 >>>> > > >>>> > > More importantly, what is the need for the Mac's in the first place? >>>> > > For us they were only sued for Adobe CS, which runs just fine on PC's. >>>> > > In fact these days Adobe is more behind the PC world than the Mac. >>>> > > For example, 64bit Photoshop was first on PC, had to wait for CS5 for Mac >>> > to get it. >>>> > > That's without going into the Flash debate :) >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > From: David Lum [mailto:david....@nwea.org] >>>> > > Sent: Saturday, 4 September 2010 6:07 AM >>>> > > To: NT System Admin Issues >>>> > > Subject: Mac and Windows mix >>>> > > >>>> > > I would like to hear from those of you who have a mixed Windows/Mac >>>> > > environments: How do you handle management of the diverse environment? >>>> > > Presumably with Mac's there is no patching or AV. Can you use GPO's on >>>> > > them in any fashion (wondering if there's some add-in to allow >>> > equivalency). >>>> > > David Lum // SYSTEMS ENGINEER >>>> > > NORTHWEST EVALUATION ASSOCIATION >>>> > > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
