MacDefender sounds like a hamburger... >>> "Matthew W. Ross" <mr...@ephrataschools.org> 5/25/2011 11:24 AM >>> > From: David Lum > I am using this news: > http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/ > > to leverage a "we really need to manage our Mac OS's like we do Windows" > argument that I've had for some time. We have a couple dozen Mac OS's here > and none of them are managed the same way we do Windows machines.
Apple has let it be known that they are on top of this, and will include a patch to rid all macs of MacDefender in particular. This isn't an answer to your question, it's more FYI. (See http://support.apple.com/kb/HT4650 for more details.) > Do any of you manage (or work with folks that manage) multiple Mac OS > machines? Ideally something that can do GPO-ish and SMS-ish kinds of things. > Specially patch and protect. Apple doesn't do antivirus (see contradiction above), so you will have to go to a 3rd party for that. (Sophos is our chosen solution as it is centrally managed and covers Windows, Mac and Linux.) Apple does support management of desktops, but (as usual with the "we know how to do it better than everybody else" mindset) only with Apple products. The prescribed solution is to use Open Directory, which means you need a mac running Mac OS X Server. Open Directory and it's Workgroup Management is equivalent to Active Directory Users and Computers and Group Policy. While not quite as flexible, you can get your Macs to behave how you want. As for patch management, there are 3rd party Mac compatible patch management available, but Apple solution is Software Update Server. It's part of Mac OS X Server. Disney (of all companies) released an open source SUS clone for linux platforms, saving you the requirement of a Mac OS X Server... look here for details on Repsosado: https://github.com/wdas/reposado Last, workstation support is done using the excellent Apple Remote Desktop. It's now $80 per admin (unlimited clients) and available through the Mac App store. It used to be $500, and it was well worth it then. I wish there was an equivalent for Windows that was just as cheap. > Additionally, does anyone have any experience with this product? > http://www.likewise.com/solutions/mac_linux_desktop_management/index.php Likewise, Centrify and AdmitMAC are all products that try to get your Macs to respond to Windows AD group policies... essentially trying to get your Macs to behave more like Windows machines. I am not familiar with these, so dig deeper if you are interested. ---- We have been re-evaluating the Mac platform as of late, especially in light of the new proprietary hardware which they seem to be moving towards. (See http://www.macrumors.com/2011/05/12/apple-restricts-hard-drive-replacements-on-new-imacs/ for more info on this.) I love well designed hardware. I love the pursuit of newer, innovative, different and better ways to do things which apple is not afraid to do. What I don't like is uncertainty (Apple loves their secrets) and unserviceable hardware. --Matt Ross Ephrata School District ----- Original Message ----- From: David Lum [mailto:david....@nwea.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 25 May 2011 07:47:55 -0700 Subject: Managing Mac's > I am using this news: > http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/ > > to leverage a "we really need to manage our Mac OS's like we do Windows" > argument that I've had for some time. We have a couple dozen Mac OS's here > and none of them are managed the same way we do Windows machines. > > Do any of you manage (or work with folks that manage) multiple Mac OS > machines? Ideally something that can do GPO-ish and SMS-ish kinds of things. > Specially patch and protect. > > Additionally, does anyone have any experience with this product? > http://www.likewise.com/solutions/mac_linux_desktop_management/index.php > > TIA, > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Mobile 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin