In this article we conclude our survey of the ever-challenging world of applying Active Directory logon scripts to Mac OS X users and client computers. To get up to speed on our discussion, please take a moment to examine the previous installments of the series.
In this brief essay we will meet the major players in third-party Windows-Mac integration development. Two of the three companies described below have accomplished the seemingly impossible: applying honest-to-goodness Active Directory Group Policy to Mac and Linux boxes! Without further ado, let’s get to work.
Quest Authentication Services
Quest Authentication Services Managed Client Extensions for Group Policy is unique inasmuch as it not only lets you, the Windows systems administrator, extend traditional Active Directory environment access policies (password and account lockout policies, Kerberos settings, etc.) to the Mac, but also lets you get to the Workgroup Settings that are ordinarily locked in Mac OS X Server.
As you can see in Figure 1, the Mac OS X policy extensions are natively integrated into the traditional Windows Server 2008 Group Policy Editor.
Figure 1: Quest Authentication Services
How does this technology work? As you might imagine, the Quest software is instantiated as agent software that is locally installed on each managed client, and as server software that integrates with Active Directory Group Policy.
Quest Software actually has a pretty huge product portfolio; allow me to draw your attention specifically to their list of solutions for Unix, Linux and Mac OS X.
Centrify DirectControl
Like Quest Authentication Services, Centrify DirectControl uses both server and client agent software to create the “umbilical cord” that enables Mac OS X clients to interpret and apply Group Policy directives from an Active Directory Domain Services domain controller.
For a fascinating explanation of specifically how this feat is accomplished, please read “How it Works: DirectControl Group Policy Architecture” on the Centrify Web site.
Likewise Identity Service
Likewise Identity Service is an authentication engine for Unix-, Linux-, and Mac OS X-based client systems.
The Likewise product portfolio is very nicely documented; please visit their Documentation Library to read up on how to use Likewise Identity Service to deploy Group Policy to Mac clients.
Thursby ADmitMac
Several years ago when I first encountered the issue of Mac/Windows integration, Thursby Software’s ADmitMac was about the only game in town in terms of more intimately associating Mac OS X clients with Active Directory. As you have already read, there is some pretty stiff competition in this space now, so the question is, “How does ADmitMac stack up?”
Well, I have good news and bad news for you. The good news is that ADmitMac configures your Mac OS X computers to behave as functional Active Directory domain members that are just about as close to their Windows counterparts as is possible. Another piece of good news is that there is no server-side software to install; ADmitMac is entirely a client-based solution.
The bad news is that Group Policy Object integration, such as we’ve seen with the aforementioned third-party products, is not an option.
So why do I even mention this software? I do so because any discussion of third-party Mac/Windows products is incomplete without mentioning ADmitMac. 🙂
Conclusion
I hope that you found this three-part series helpful. At this point you have a very comprehensive understanding of the options that are available to you concerning GPO deployment for Mac OS X client computers. Feel free to fire your questions at me in the comments portion of this post. Thanks for reading and take care.
thanks for sharing