Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does in Open Directory? There are plenty of settings which can be applied to individual Macs, users, user groups and computer groups.
As for Safari settings, you can add the com.apple.Safari plist (located in ~/Library/Preferences) to your WGM Preferences/Details tab, and modify as needed in WGM. This is how we manage our Safari settings. There are many other plists that you can use the same technique to manage your client's settings. (com.apple.finder is one of my favorites to modify, to make the sidebar a little more sane for users.) What I _don't_ like about WGM is that it will not allow me to do any kind of hierarchy of users/groups... at least not as I have been able to figure out. Active Directory allows me to make ODs which can be layered to get the desired effect. I am forced to copy and paste (again, from the detail's tab) to replicate settings between computer groups. Apple needs to learn from Active Directory here. --Matt Ross Ephrata School District ----- Original Message ----- From: sdewilliman [mailto:sdewilli...@g2.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 07 Sep 2010 17:41:34 -0700 Subject: Re: Mac and Windows mix > Precisely, with OD /WGM there¹s no central mgmt console whereby an admin > can > tell which/what policy is applied to what group. Administration easily > becoems a nightmare without 3rd party mgmt software such as Centrify. > > Whereas the latest GPMC boasts some thousands of settings that can be > administered centrally, Apple¹s WGM doesn¹t even provide an admin the > ability to manage smething as simple (and built-in!) as Safari (e.g. Adding > a default favorites/bookmarks folder), manage multiple home tabs...etc. > > On 9/7/10 8:33 PM, "Andrew S. Baker" <asbz...@gmail.com> wrote: > > >>> >>How does Microsoft's Active Directory manage users/computers better > than > >>> Apple's Open Directory? > > > > What is the Apple equivalent of Group Policy? > > > > > > > > ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > > Exploiting Technology for Business Advantage... > > > > > > On Tue, Sep 7, 2010 at 7:40 PM, Matthew W. Ross <mr...@ephrataschools.org> > > wrote: > >> That does make it difficult. Then again, so would any dual-booting Linux > user > >> on a PC. If you don't want them to do it, don't allow them too. (We make > them > >> choose one or the other.) > >> > >> Users with their own personal VMs in VMWare Player or VirtualBox also > make > >> management frustrating. > >> > >> How does Microsoft's Active Directory manage users/computers better than > >> Apple's Open Directory? > >> > >> Our district requires a count of computers at least once a year. We do > >> physical counts, not some network scan to see what's out there. That, > >> happily, resolves any "Dual personality" problem. (Not to mention the > >> teachers squirm a little when I ask there the Projector that was assigned > to > >> them is.) > >> > >> Oh, and I do admit that we're not a large school. 1000 computers across 6 > >> locations isn't all that much compared to some. But it's a lot for 3 > people, > >> and I'm the only Mac/Linux/Network guy. > >> > >> <own horn>Toot!</own horn> > >> > >> > >> --Matt Ross > >> Ephrata School District > >> > >> > >> ----- Original Message ----- > >> From: Brian Desmond > >> [mailto:br...@briandesmond.com] > >> To: NT System Admin Issues > >> [mailto:ntsysad...@lyris.sunbelt-software.com] > >> Sent: Tue, 07 Sep 2010 > >> 15:37:13 -0700 > >> Subject: RE: Mac and Windows mix > >> > >> > >>> > My experience having worked for one of the largest school districts in > the > >>> > US is that the solution you outlined doesn't really scale. I've seen > it > >>> work > >>> > well for relatively small environments but once you introduce a large > >>> number > >>> > of Mac machines, things get difficult. When the solution works, you're > >>> still > >>> > looking at some significant management overhead and duplication of > >>> > infrastructure. > >>> > > >>> > The key issue I've seen with Macs recently is their newfound bipolar > >>> > disorder. One day they're a Mac, the next day they're a PC. Good luck > >>> > accounting for that in your asset database. > >>> > > >>> > Thanks, > >>> > Brian Desmond > >>> > br...@briandesmond.com > >>> > > >>> > c - 312.731.3132 > >>> > > >>> > > >>> > > >>> > -----Original Message----- > >>> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > >>> > Sent: Tuesday, September 07, 2010 11:54 AM > >>> > To: NT System Admin Issues > >>> > Subject: RE: Mac and Windows mix > >>> > > >>> > Macs are not the burden you make them sound to be. > >>> > > >>> > Integrating a Mac into a windows network is never going to be > painless; > >>> the > >>> > two systems are inherently different. If what you want is a Windows > >>> > experience from your Mac, install Windows. > >>> > > >>> > Now not everybody likes MacOS X, but the same can be said for Windows. > >>> > Insert the problem of subjective preference here. > >>> > > >>> > Personally, I love working on my iMac, and managing the other Macs in > our > >>> > district is very easy if you use the provided Apple tools: Mac OS X > >>> server, > >>> > Open Directory, and Apple Remote Desktop. > >>> > > >>> > Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. > I > >>> do > >>> > like that software upgrades are cheaper for Mac, but I don't like how > >>> apple > >>> > drops support for anything that is not the current generation or the > >>> > previous one. If you're 2 generations back, you're out of luck. > >>> > > >>> > What can a Mac do that a PC Can't? Nothing. But I would argue that > >>> > competition is one of the pillars of innovation. Without Mac OS X > >>> competing > >>> > against Windows, what would Windows look like today? > >>> > > >>> > > >>> > --Matt Ross > >>> > Ephrata School District > >>> > > >>> > > >>> > ----- Original Message ----- > >>> > From: James Hill > >>> > [mailto:james.h...@superamart.com.au] > >>> > To: NT System Admin Issues > >>> > [mailto:ntsysad...@lyris.sunbelt-software.com] > >>> > Sent: Sun, 05 Sep 2010 > >>> > 19:28:49 -0700 > >>> > Subject: RE: Mac and Windows mix > >>> > > >>> > > >>>> > > We have pretty much eliminated all of the Mac's here. > >>>> > > > >>>> > > We didn't have 3rd party products to manage them so they always > >>>> > > required so much manual interaction. Any global change we made we > >>>> > > could easily automate with PC's thanks to group policy etc but it > was > >>>> > > always a manual change for the Mac's. > >>>> > > > >>>> > > They really aren't a corporate product imo. You only have to look > to > >>>> > > Apple for a corporate grade management solution to realise that it > >>>> doesn't > >>> > exist. > >>>> > > > >>>> > > They do indeed need patching (http://support.apple.com/kb/HT1222) > and > >>>> > > there is AV products for them. Symantec has one for example. > >>>> > > Personally I think the day is coming when someone will write a > decent > >>>> > > bit of malware/virus for them and 99% plus will get caught out by > it. > >>>> > > There is a very misguided opinion amongst the Apple community that > >>>> > > they are safe. Apple's false advertising only strengthens this. > The > >>>> > > facts are that Mac's are more vulnerable than the PC world > >>>> > > http://www.crn.com/security/226200083 > >>>> > > > >>>> > > More importantly, what is the need for the Mac's in the first > place? > >>>> > > For us they were only sued for Adobe CS, which runs just fine on > PC's. > >>>> > > In fact these days Adobe is more behind the PC world than the Mac. > >>>> > > For example, 64bit Photoshop was first on PC, had to wait for CS5 > for > Mac > >>> > to get it. > >>>> > > That's without going into the Flash debate :) > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > From: David Lum [mailto:david....@nwea.org] > >>>> > > Sent: Saturday, 4 September 2010 6:07 AM > >>>> > > To: NT System Admin Issues > >>>> > > Subject: Mac and Windows mix > >>>> > > > >>>> > > I would like to hear from those of you who have a mixed Windows/Mac > >>>> > > environments: How do you handle management of the diverse > environment? > >>>> > > Presumably with Mac's there is no patching or AV. Can you use GPO's > on > >>>> > > them in any fashion (wondering if there's some add-in to allow > >>> > equivalency). > >>>> > > David Lum // SYSTEMS ENGINEER > >>>> > > NORTHWEST EVALUATION ASSOCIATION > >>>> > > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
