Slashdot Mirror


Mac Systems Management

johannacw writes "This story has in-depth info about managing Macs using Apple's Managed Preferences architecture. It covers how to use the 14 built-in systems-management areas, how preferences interact, how to secure workstations, and how to help users access resources including applications and printers. It's a must-read for any systems admin working in a Mac or mixed environment. Written by Ryan Faas, this is a follow-up to his popular Inside Apple's Workgroup Manager."

75 comments

  1. Interesting but.... by tonsofpcs · · Score: 2

    How easily deployable are settings of this sort?

    1. Re:Interesting but.... by _merlin · · Score: 4, Informative

      Just as deployable as MS AD Group Policy: you define policy for the domain, and member computers pick it up. Obviously, you need a domain master, and you need to bind the target computers to the domain. But this is no different to any other directory service.

    2. Re:Interesting but.... by rizzo320 · · Score: 4, Informative

      In most cases a "golden triangle" is used where the Mac is bound to both Active Directory and Open Directory. The login credentials for users are managed in Active Directory, whereas the managed preferences for the workstations are managed in Open Directory. It's a pretty common setup.

      If you really need to blend in with your Active Directory environment, you can bypass workgroup manager altogether and go with ADmit Mac by Thursby Software. Though on the pricey side, it allows you to do much more from within AD than the standard features of OS X. The last time I checked, it even allowed you to apply certain types of group policies onto the managed Macs... very cool stuff.

    3. Re:Interesting but.... by somersault · · Score: 3, Funny

      "If you really need to blend in with your Active Directory environment, you can" use a BlendTec blender!

      Couldn't resist..

      --
      which is totally what she said
    4. Re:Interesting but.... by nko321 · · Score: 1

      Forgive the newbiness, but how does one login on a Mac using an Active Directory account? Does this require 3rd party software? I looked into it a few months ago and gave up after a day or two.

    5. Re:Interesting but.... by rizzo320 · · Score: 1

      Forgive the newbiness, but how does one login on a Mac using an Active Directory account? Does this require 3rd party software? I looked into it a few months ago and gave up after a day or two.


      Make sure your Mac is plugged into the network, then go to /Applications/Utilities/Directory Access.app. In the services tab, make sure "Active Directory" is checked/enabled. Then click on "Active Directory" so it's highlighted, and press "Configure". It will ask you for your domain settings. In addition, go down to the Advanced Options section. In most instances, you want "Create Mobile Account at Login" checkmarked/enabled, "Require confirmation..." disabled, "Force local home directory on startup disk" enabled, "Use UNC path from Active Directory..." disabled. If you find you need to add or disable one of these features in the future, you can modify them later. After this, press the "Bind" button, enter in your AD username and password for adding computer accounts into AD, and you're ready for AD login usage on your Mac.

      Keep in mind I'm giving you instructions for Tiger/10.4.x, the settings are slightly different in Panther 10.3.x, and don't exist at all in earlier versions of Mac OS X.
    6. Re:Interesting but.... by nko321 · · Score: 1

      Thanks for the reply! I've set these settings... where do I go to login? On reboot, I've tried entering my AD username / password and DOMAIN\username / password but neither are understanding my intention. I had already binded myself to the domain, so to comply with your instructions, I first unbind-ed from the domain, then re-bind-ed. Am I bound properly?

    7. Re:Interesting but.... by rizzo320 · · Score: 1

      It sounds like you added the computer to Active Directory correctly. Make sure the system time is correct. It needs to be within so many minutes of the domain controller, otherwise it will refuse to login. There could also be other issues going on. Check the system.log to see any error messages.
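The clock check rizzo320 describes can be measured rather than eyeballed. The following is an added example, not part of the thread: it computes the workstation's offset from a time server with a minimal SNTP exchange and compares it to a limit. The 300-second limit is an assumption (the Active Directory default Kerberos tolerance; the thread only says "so many minutes"), the host passed to `query_offset` is whatever domain controller you use, and the reply bytes in the demo are constructed.

```python
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW_SECONDS = 300        # assumption: AD default Kerberos tolerance (5 minutes)


def to_ntp(unix_ts):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_ts)
    frac = int((unix_ts - whole) * 2**32)
    return struct.pack("!II", (whole + NTP_UNIX_DELTA) & 0xFFFFFFFF, frac)


def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32


def build_request(t1):
    """48-byte SNTP client packet: LI=0, VN=3, Mode=3, transmit time = t1."""
    return b"\x1b" + b"\x00" * 39 + to_ntp(t1)


def clock_offset(reply, t1, t4):
    """Return (server clock - local clock) in seconds.

    t1 = local time the request left, t4 = local time the reply arrived.
    Rejects replies that are malformed or do not answer our request.
    """
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    if reply[1] == 0:
        raise ValueError("stratum 0: server refused or is unsynchronised")
    # The server must echo our transmit timestamp as its originate timestamp;
    # a mismatch means a stale or spoofed packet.
    if reply[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp does not match request")
    t2 = from_ntp(reply[32:40])   # server receive time
    t3 = from_ntp(reply[40:48])   # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2


def skew_ok(offset, limit=MAX_SKEW_SECONDS):
    """True when the offset is inside the Kerberos tolerance."""
    return abs(offset) <= limit


def query_offset(host, timeout=3.0):
    """Ask a live NTP server (e.g. the domain controller) for the offset."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (host, 123))
        reply, _ = sock.recvfrom(512)
    t4 = time.time()
    return clock_offset(reply, t1, t4)


def constructed_reply(t1, t2, t3):
    """Build a sample server reply (constructed data, for offline use)."""
    header = bytes([0x1C, 2]) + b"\x00" * 22   # LI=0, VN=3, Mode=4, stratum 2
    return header + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


if __name__ == "__main__":
    # Constructed case: server clock runs 400 s ahead of the workstation.
    t1 = 1180000000.0
    reply = constructed_reply(t1, t1 + 400.02, t1 + 400.03)
    offset = clock_offset(reply, t1, t1 + 0.05)
    verdict = "ok" if skew_ok(offset) else "outside tolerance, expect login failures"
    print("offset %.2f s: %s" % (offset, verdict))
```
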

  2. A basic article about a 2-year-old OS is news? by Logic+Bomb · · Score: 1, Insightful

    Why is this on Slashdot? I guess it might be of some interest to people who don't manage OS X professionally. But this is a fairly basic overview of features from an OS released over 2 years ago! I cannot imagine why anyone would spend time writing this now. It's not like the information isn't already out there... like in the product documentation. Seriously, why is this on Slashdot? Did the editor think it was about 10.5 or something?

    1. Re:A basic article about a 2-year-old OS is news? by aichpvee · · Score: 1

      I think they write it because they like ad revenue. But I could be wrong, it's bound to happen sooner or later.

      --
      The Farewell Tour II
    2. Re:A basic article about a 2-year-old OS is news? by intx13 · · Score: 1, Funny

      It's not like the information isn't already out there... like in the product documentation.
      FMs are less read than FAs!

      Did the editor think it was about 10.5 or something?
      I'm sorry, I don't understand... what is this "editor" you speak of? :)
    3. Re:A basic article about a 2-year-old OS is news? by Whiney+Mac+Fanboy · · Score: 5, Funny

      Seriously, why is this on Slashdot? Did the editor think it was about 10.5 or something?

      Indeed - this so-called-article is taking up valuable iPhone fluff story screen real estate.

      --
      There are shills on slashdot. Apparently, I'm one of them.
    4. Re:A basic article about a 2-year-old OS is news? by jasonwea · · Score: 1

      I'm sorry, I don't understand... what is this "editor" you speak of? :)
      I thought it was just another name for a drinking bird.
    5. Re:A basic article about a 2-year-old OS is news? by The+Orange+Mage · · Score: 1

      There's articles about Amiga stuff here on /. sometimes you know. :P

    6. Re:A basic article about a 2-year-old OS is news? by mdwh2 · · Score: 1

      Yes, very occasionally, in proportion to when anything's happened. As opposed to articles every time someone decides to write about something minor, as seems to be the case with Apple.

  3. Manage your macs... by Anonymous Coward · · Score: 0

    All three of them!

    1. Re:Manage your macs... by martin_henry · · Score: 0, Offtopic

      AC speaks no lie
      geepee el for tha win
      managing macs ain't easy
      heck,
      on slashdot it's almost a sin

      --
      www.purevolume.com/martyd
    2. Re:Manage your macs... by Lehk228 · · Score: 3, Funny

      but managing macs IS easy

      1) turn on mac

      2) periodically remind typical mac user that the computer is not thirsty and does not require watering like a plant.

      --
      Snowden and Manning are heroes.
    3. Re:Manage your macs... by somersault · · Score: 0, Offtopic

      Word! Or Writer.. or something

      --
      which is totally what she said
    4. Re:Manage your macs... by Anonymous Coward · · Score: 0

      this is without a doubt they gayest shit I've ever heard

  4. Macs aren't supposed to be "managed" by weak* · · Score: 1, Troll

    iThey're ifree-spirited isystems ifor ifree-spirited ipeople, iremember?

    --
    The Schwartz space ain't from Spaceballs.
    1. Re:Macs aren't supposed to be "managed" by RuBLed · · Score: 1

      Yup! Macs should be iManaged.

    2. Re:Macs aren't supposed to be "managed" by mjcecil · · Score: 1

      Now THAT's funny :) I love the iUniform. Standard-issue to free-thinkers everywhere.

      I'm not even sure that they were supposed to even let me in this coffeeshop with my MS-laden beast. It doesn't even have a glowing logo on the lid. I think I was grandfathered in because I'm so "old".

      iFree-spirited... hee.

      --
      Mark J. Cecil -- Senior UNIX Engineer
      New Orleans, Louisiana
      http://notrealswift.blogspot.com
    3. Re:Macs aren't supposed to be "managed" by Anonymous Coward · · Score: 0

      iSee

  5. AFW by Anonymous Coward · · Score: 0

    This looks like Apple For Workgroups, a much improved version of WFW. But since it is at version 10.BigCat.3 the bugs have been squashed.

    1. Re:AFW by joeytmann · · Score: 1

      It's funny that you compare this to a MS product that hasn't been around in at least 5 years and was originally developed over 10 years ago.

      --
      Insert funny smart-ass comment here.
  6. Hand me a pillow by Anonymous Coward · · Score: 0

    I'm getting tired of kdawson posting sub-par articles.

  7. You can hardly manage the Mac from there by tsa · · Score: 0, Troll

    In their obsession with keeping things simple Apple has IMO cut a few too many corners in the area of disk sharing. If you want to share a folder for use on a Windows computer, you can only share all home directories, or nothing. If I switch on Personal File Sharing suddenly all my applications and all data of all users is available for everyone to see. And a few days ago I discovered that even while I had everything but remote logon (which basically means sshd) and Windows Sharing (which uses a modified smb.conf so I only share the directories I want) switched on in the Preferences, I could still access my whole harddisk remotely from my Linux PC. Luckily I did need a password for that, but still... Shame on you Apple! And that's not all. On the samba implementation on OSX, password handling is so broken it's unusable. The command smbpasswd runs but it doesn't do anything. Any password you type seems to be totally ignored. So I have to share my directories with no password. Shame on you again Apple! Shame shame shame. Even Windows does better in this area. I hope they will fix all that in Leopard.

    --

    -- Cheers!

    1. Re:You can hardly manage the Mac from there by Anonymous Coward · · Score: 0

      My network drops traffic on ports 137:139 like a hot rock. Install MacFUSE/sshfs on a Mac and GUI file browse via SSH instead. You can tell it what directory to mount too. But for Windows you'll have to get SSH/sftp going because MS is too nearsighted to give you that out-of-the-box. Screw NetBIOS.

    2. Re:You can hardly manage the Mac from there by SideshowBob · · Score: 4, Insightful

      Um, no. What are you even talking about? When you connect to that computer you have to authenticate with a username and password. You will only be able to access data remotely that you could access if you were logged in as that user locally.

      And I don't get what your second problem is. If you had personal file sharing turned on, then your Linux box must've been connecting to your Mac via afp.

      I think you're just very confused.

    3. Re:You can hardly manage the Mac from there by tsa · · Score: 1

      So I'm modded Overrated and I have my sanity questioned by someone who didn't read my post well, just because I said something negative about Apple. What also is interesting is that the person who thinks I'm confused was modded Insightful. And I didn't get modded Offtopic. My post is Offtopic, because it's about the 'normal' version of OSX, not the server version. Way to go moderators.

      --

      -- Cheers!

    4. Re:You can hardly manage the Mac from there by Anonymous Coward · · Score: 0

      No, you got criticized because you were, in fact, wrong.

      Yes, Apple's implementation of Samba only allows you to share home directories. It's off by default, and you can easily select which users you want to have remote access. You also need to enter the user's password. Stupid, perhaps, but it corresponds to the default behavior of Samba on Linux. smbpasswd is apparently broken because it uses OS X's authentication system directly.

      Personal File Sharing only works between OS X machines, and since I only have one I can't see if that requires a password or not. I guess not, since it only seems to share the "Public" folder from each user's home directory.

      Finally, we have SSH. Both KDE and GNOME can access files remotely over SSH. It's almost certain that this is how you were able to access the entire hard drive remotely, after entering a password. You enabled the service yourself, and this behavior is common to all SSH servers.

      If you were able to get at the whole machine using SMB, then you probably screwed up the smb.conf file, because you certainly can not do that by default.

    5. Re:You can hardly manage the Mac from there by MysteriousPreacher · · Score: 1

      I think the other poster makes a valid point. You took a very sensationalist approach in your post and made some assertions that just don't stand up.

      Although you say that the applications and user data are available for all to see, this is only true if you've chosen very bad passwords. You can disable sharepoints by removing the Sharedir property. Also, a change of permissions will yield similar results. Personally I prefer a more locked-down system by default but this isn't OpenBSD we're talking about, so it's reasonable to expect that you'd need to harden the system a bit - particularly when it comes to relatively minor risks like this one. All of what you ask can be configured manually but few users will need to. Those that need to will be able to find out how and those that don't will appreciate the current functionality.

      Since guest logins can only access the public folders, it's not quite as open as your post would suggest.

      --
      -- Using the preview button since 2005
    6. Re:You can hardly manage the Mac from there by ickoonite · · Score: 1

      If you want to share a folder for use on a Windows computer, you can only share all home directories, or nothing.

      Valid point, although it's not as though they aren't passworded (which your post almost seems to imply). Complexity is sacrificed for ease-of-use, though whether this is a good thing or not is, I suppose, ultimately down to who is using the system. For the average user, it won't be a problem, because they probably won't know what Windows File Sharing is, and if they do, it will be sufficient. Advanced users, too, will be fine, because they can simply edit /etc/smb.conf to their heart's content. The problem comes for the semi-advanced users, the mediocre types who are all too common these days, often talking the UN*X talk (particularly here on Slashdot) but who are too afraid to walk the walk. They want to share other Windows folders but are not sufficiently competent to edit /etc/smb.conf. Judging by your inability to configure passworded shares, it appears you may fall into this category...

      This will all probably be moot anyway, as I have a feeling I have seen they have re-done the Sharing Preferences in Leopard and more granularity will be offered.

      (I should, however, take the opportunity to take a swipe at Windows, on which file sharing is hopelessly broken. The problem in Windows is that there is no easy way to turn such sharing off (i.e. like the tick box in Sharing on the Mac). By moving the sharing interface to the folder, one can share folders buried deep in the hierarchy and forget where they are, thus leaving sharing on very easily. Reliance is then placed on a firewall to secure the machine - not a good way of doing things.)

      And a few days ago I discovered that even while I had everything but remote logon (which basically means sshd) and Windows Sharing ... switched on in the Preferences, I could still access my whole harddisk remotely from my Linux PC.

      If I am parsing your sentence correctly, you had Personal File Sharing, Personal Web Sharing, FTP Service, etc. all switched on. Of course Personal File Sharing shares your hard disk - this is what it has done since time immemorial on the Mac. Again, though, as you note, it is passworded, so I fail to see the problem.

      If, on the other hand, you meant that you only had Remote Login and Windows Sharing switched on, one can only assume you have a poor command of smb.conf's syntax (as well as of English - apologies). This would appear consistent with your earlier statements about the lack of passworded shares. A bad workman always blames his tools.

      Finally, given that I seem to have decided to start taking swipes, you might also want to learn to use the enter key. Or HTML's <br /> tag. It makes what you write a hell of a lot more readable.

      iqu :P

    7. Re:You can hardly manage the Mac from there by tsa · · Score: 1

      You're right, I made a mistake. In my post I said that I had almost all file sharing switched on, and then I could see my harddisk with my Linux PC. That was wrong, I had it switched off. Only Samba and sshd were running. My sincere apologies for this stupid typing error and the confusion it caused. The fact that I could see my whole harddisk on my Linux PC even with Personal File Sharing switched off still puzzles me. I'm certain it was not a samba issue.

      The password handling problems of Samba in OSX are known, see here, here, and here. I hope that will be fixed in Leopard.

      --

      -- Cheers!

    8. Re:You can hardly manage the Mac from there by somersault · · Score: 1

      "The problem in Windows is that there is no easy way to turn such sharing off"

      Go to Control Panel, Networking, Right click on the interface you want to remove sharing from, and remove File and Printer sharing? You talk the talk, but can you walk the walk? (just kidding, I'm one of those mediocre Linux types, though I'd be fine with editing smb.conf now that I know it's there on OS X). Also you can check your shares by right clicking on My Computer, then choose Manage, then Shared Folders->Shares. Sadly I have come to know more about how to use Windows than any other OS these days, as part of my job ._.

      --
      which is totally what she said
    9. Re:You can hardly manage the Mac from there by ickoonite · · Score: 1

      The fact that I could see my whole harddisk on my Linux PC even with Personal File Sharing switched off still puzzles me. I'm certain it was not a samba issue.

      Interesting. The key thing is, though, were you able to see the whole hard disk via Windows File Sharing (i.e. port 139, SMB/CIFS) or via Apple File Sharing (i.e. port 548, AFP). It takes some effort to get Linux to talk to AFP shares, if memory serves, which means that it is far more likely that it was via Windows File Sharing. In the latter case, it is beyond doubt that it was due to your configuration changes, because, as you know, it only shares home folders by default.

      As to your contention that password handling in Mac OS X's version of Samba is broken, I am still convinced that you are mistaken. The first two examples you cite refer almost exclusively to pre-Tiger versions of Mac OS X (really rather old versions of Samba) and in any case relate primarily to a Mac OS X client accessing a Windows or Linux server. Your problem is with a Mac OS X machine serving Windows shares. Having just conducted some experiments myself, it is clear that smbpasswd is troubled, but there is no problem with password synchronisation, at least not if you change a user's password using System Preferences.

      It may be that smbpasswd is deprecated in Mac OS X 10.4 (which I assume you are using). Instead, Windows passwords are stored in the NetInfo database. Don't quote me on that though - it's just what I am inferring from /etc/smb.conf.

      iqu :|

    10. Re:You can hardly manage the Mac from there by ickoonite · · Score: 1

      Go to Control Panel, Networking, Right click on the interface you want to remove sharing from, and remove File and Printer sharing?

      Ah yes. It's all coming back to me now. These days, I only venture into network device properties to turn off the fucking firewall...

      iqu :P

    11. Re:You can hardly manage the Mac from there by Anonymous Coward · · Score: 0

      "(I should, however, take the opportunity to take a swipe at Windows, on which file sharing is hopelessly broken. The problem in Windows is that there is no easy way to turn such sharing off (i.e. like the tick box in Sharing on the Mac). By moving the sharing interface to the folder, one can share folders buried deep in the hierarchy and forget where they are, thus leaving sharing on very easily. Reliance is then placed on a firewall to secure the machine - not a good way of doing things."

      If you are talking about forgetting where shares are on windows, you have been able to since NT see all your shares under the Shared Folders in computer management. They are not lost forever, nor do I think many admins will forget about what shares they use. But, I guess I don't "walk the walk". :P

    12. Re:You can hardly manage the Mac from there by tsa · · Score: 1

      Thanks again for your comments. I'm sure I saw the files via AFP. I don't know exactly what the problem is, but I am certain that samba definitely doesn't serve my whole harddisk.
      As for the password handling in samba on my Mac, I'll look into that a bit more. It is confusing; I can't use the same smb.conf on my Mac as I have on my Linux box. For some reason that doesn't work properly. I'm at work now, and it has been a while since I last tried to configure Samba for the Mac, so unfortunately I can't tell you exactly how the Mac's behaviour differs from the Linux box.

      --

      -- Cheers!

    13. Re:You can hardly manage the Mac from there by Anonymous Coward · · Score: 0

      Linux can't connect to an AFP volume unless you install some fairly obscure packages. Are you sure you've done this? I doubt it.

    14. Re:You can hardly manage the Mac from there by Nutsquasher · · Score: 1
      SharePoints for Mac (http://hornware.com/sharepoints/) lets you setup shares on your Mac from any directory you have rights to.

      It's GUI based. You can either install the Application version, or the "System Preferences" version, both which are available in the download.

      You can setup SMB shares for Windows/Linux/Mac clients, or AFS shares for Mac/Linux clients (not sure if Windows does AFS - never looked into it).

      After setting up a SMB share, ensure that "Windows Sharing" is enabled under "Sharing" in "System Preferences." Also, click on the "Accounts" button there and enable one or more local accounts to access the share remotely. Then, on a Windows box, it's as simple as connecting to: \\ip-address\sharename\ Enter in the username and password credentials, you'll connect, and bam, you have access to the share.

      Local access rights apply to the local user connecting to the share remotely.

      Make sure you un-share folders when you're done.

    15. Re:You can hardly manage the Mac from there by GanjaManja · · Score: 1

      Perhaps this program would make things easier?
      http://www.macupdate.com/info.php/id/8658/sharepoints

      it may give you some correctly configured config files that you can then just copy over to all the client computers.
      Since it just uses an absolute path, you should be able to set up a Windoze shared folder that's the same path on every computer. I use this to share a non-home-folder folder, with its own user/pw.

    16. Re:You can hardly manage the Mac from there by tsa · · Score: 1

      I use Ubuntu. Apparently I have these packages installed.

      --

      -- Cheers!

    17. Re:You can hardly manage the Mac from there by MCSEBear · · Score: 1

      Turning on sharing doesn't share every users home directory. It shares the public directory inside their home directory.

    18. Re:You can hardly manage the Mac from there by ickoonite · · Score: 1

      I can't use the same smb.conf on my Mac as I have on my Linux box.

      Indeed you cannot, and this has a lot to do with what I alluded to in an earlier post - I suspect that rather than using the smbpasswd file (as Linux does), Mac OS X uses NetInfo. Just transplanting a Linux-oriented smb.conf into your Mac will thus not work.

      I think you need to be a bit clearer about what's doing what. It is certainly true that Apple File Sharing will share your whole hard disk, but you need to log on as one of the users registered on your Mac. The reason I and others are skeptical that this is what was happening is because it is non-trivial to get Linux to see AFP shares. You can't just go into GNOME's browser and see them.

      iqu :|

    19. Re:You can hardly manage the Mac from there by dana340 · · Score: 1

      well, normally I'd say RTFA, but i think we can go back to the old adage RTFM. Sideshow's right. What's your admin password set to on your mac. do you have other unsecured accounts? and please tell me you're running OSX. Also, I'd like to make a note, that i have personally worked in mixed windows domain, Mac environments. Macs handle the role of windows domain controllers better than windows machines. (over 5000 users)

      --
      "10001110101 - periodic table with a centerpiece of mind" -Clutch
  8. system administration by ianare · · Score: 2, Insightful

    But where are the ready-made commands to paste into terminal? The neat perl scripts? I thought the whole point of Mac was that you could use the UNIX underneath for administration? I mean if the extent of possibilities is "click here, then click here" you might as well run server 2003.

    1. Re:system administration by lakeland · · Score: 2, Informative

      You can, and it works fine. It isn't quite as easy as editing /etc/fstab (here's /etc/fstab from a computer I'm currently sshed into...

      andrea-lakelands-computer:~ corrin$ cat /etc/fstab.hd
      IGNORE THIS FILE.
      This file does nothing, contains no useful data, and might go away in
      future releases. Do not depend on this file or its contents.
      --
      As you can see, apart from the warning it now contains nothing (this is on 10.4.10). I think on 10.3 it contained the warning and mounted volumes ala /etc/mtab but that could be my memory playing tricks on me. However, the pretty little GUI for editing that file is 100% scriptable from the command line, and so writing scripts to do remote system administration is considered sensible.

      Having said that, some people don't like working like that and those people get pretty little gui tools. Even more scary, some of those people are sysadmins - I know because I used to work with one. They had been an OS 7, OS 8, OS 9 sysadmin before OS X came out and there was no way they were going to stop using their way of doing things just because there was a new version of the operating system. Used to drive me nuts watching them work until I trained myself to turn a blind eye.

    2. Re:system administration by Anonymous Coward · · Score: 0

      But where are the ready-made commands to paste into terminal? The neat perl scripts? I thought the whole point of Mac was that you could use the UNIX underneath for administration?

      Are you trying to criticize the operating system or the article?

    3. Re:system administration by Graff · · Score: 3, Informative

      You mean like:
      Mac OS X Server Command-Line Administration PDF

      Here's a web page with all the manuals for Mac OS X Server, lots of good information there:
      Apple Server Documentation

    4. Re:system administration by Anonymous Coward · · Score: 0

      I think it was the article.

    5. Re:system administration by Savage-Rabbit · · Score: 1

      But where are the ready-made commands to paste into terminal? The neat perl scripts? I thought the whole point of Mac was that you could use the UNIX underneath for administration?

      In my experience OS X administration is pretty much the same as administrating a BSD, Linux or Unix system. There are and always will be differences between them but the basic principles are the same. On OS X I very rarely go for point and click interfaces except the System Preferences and the Disk Utility and I can usually transfer what I know about Linux/BSD/Unix to OS X.

      I mean if the extent of possibilities is "click here, then click here" you might as well run server 2003.

      Contrary to what seems to be the popular opinion, Windows 2003 server has a quite powerful command-line interface. For some reason surprisingly few Windows admins seem to be inclined to make heavy use of it.
      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    6. Re:system administration by CtrlShiftEsc · · Score: 1

      I wasn't going to mention that but --exactly. Windows Server Administration grew up on GUI's where the command-line equivalent utilities, in some areas, were implemented as an afterthought. I think this is why it put off a lot of Unix Admins that I used to know. Things have certainly changed and 2003 is almost as scriptable from the command line as the GUI. Server 2008 takes things to the next level entirely where you can deploy truly headless servers. I haven't even mentioned the Powershell. Unfortunately, with Windows being such a prevalent server OS, there are way too many poorly trained Windows Server Admins out there who would shudder to even launch 'cmd' and who are too comfortable with idea of clicking Next, Next, Next, OK and Cancel. I wonder, if Apple were dominating in the Server market, if their *nix relationship would have made better Sys Admins generally, even if some switched to support Windows Servers?

    7. Re:system administration by Anonymous Coward · · Score: 0

      Because it's a guide for Windows Admins for OSX management. They had to dumb it down to click, click, click.

      No, I'm not trolling, have you even seen how most Windows Admins don't even know the Windows Server command line tools?

    8. Re:system administration by Anonymous Coward · · Score: 0

      Things have certainly changed and 2003 is almost as scriptable from the command line as the GUI. Server 2008 takes things to the next level entirely where you can deploy truly headless servers. I haven't even mentioned the Powershell. Unfortunately, with Windows being such a prevalent server OS, there are way too many poorly trained Windows Server Admins out there who would shudder to even launch 'cmd' and who are too comfortable with idea of clicking Next, Next, Next, OK and Cancel.

      The funny thing is, when Microsoft does launch Server 2008 (Feb. 27, 2008, in Los Angeles) they will hail things like the ability to run headless servers and a 'fully scriptable from the command-line' UI and a new powerful Windows shell (and hopefully it's finally one that does not suck) as the greatest thing to happen to the server market since computer networking. I still think that only a small portion of Windows admins will truly embrace this technology. The learning curve will be too high and it's easier to simply settle into the comfort of the GUI tools. I have seen people monkeying along on Windows 2003 for days completing tasks by point-and-click that I would have completed in minutes with a simple script on a *nix system and the sad thing is that it's perfectly possible to solve this problem, also on Windows 2003 in an equally short time if you simply take the trouble to learn batch scripting or better yet some VB programming. Doing a basic course in .NET/C# is even better since there are pretty nice API's on Windows that allow you to solve all sorts of tedious problems programmatically.
    9. Re:system administration by Sandbags · · Score: 1

      Mac OSX is UNIX, but as a UNIX admin you would know there are virtually no pre-defined scripts for administration. There are commands that can be run from shell for administration and remote administration, but they're almost all server based, not client, and the type of server your connecting to makes a BIG difference. With this central management system on a MAC OSX Server in the network, these settings can now become host environment independent, and it really doesn't matter if the domain is a UNIX, Novel, or Microsoft, or even a mix. It's easy to admin either way. Somewhere hidden underneath, being a UNIX OS, the commands must be there, but why bother with them at all?

      Just the effort they've taken to ensure the Mac can easily join and work within an Active Directory domain is a fairly impressive step. Do you see any other Distro doing this? Even Suse/Novell's latest release is a bear to get into AD, and has no real direct management other than user generated batch scripts, for which Novell provides no help without also implementing a separate Novell domain.

      Apple has always gone to great lengths to make integrating their OS with others easy. In this case, and after years of partnering with Microsoft, they have allowed their systems to store information in AD about Mac configurations and provided a GUI interface for it that's fairly click-and-go. Managing Group Policy within AD isn't even this easy, or this flexible, and even within Windows regularly requires writing scripts to accomplish some common tasks.

      --
      There is no contest in life for which the unprepared have the advantage.
    10. Re:system administration by Lord+of+Hyphens · · Score: 1

      It's the same kind of person who likes using the Windows GUI for server config. It's just the way they want to do it; it feels easier to them; companies are well within their rights to keep that market segment appeased. Now, don't let that stop your CLI/GUI holy wars[jargon file], though (see many of the comments in the recent story stating netcraft confirms IIS gaining on Apache for a decent example of these kinds of people as well as an ongoing holy war fought on the shores of our own beloved /.).



      I, for one, welcome our GUI/CLI (circle one) overlords.
      --
      "I've spent my whole life figuring out crazy ways to do things. It'll work." -- Montgomery Scott, "Relics"
    11. Re:system administration by Jellybob · · Score: 1

      While a Mac OS X system can authenticate against an AD setup, the subject of this document is *OD* - or Open Directory. It's very similar, but it's not the same thing. An earlier post has pointed out that it can be done via Active Directory, but it's third party software.

      At work we have both a Windows 2003 domain controller, which looks after authentication and file sharing for everybody, and a Mac OS X server, which provides the equivalent of group policies for the Apple machines used.

  9. Re:Yawn by bursch-X · · Score: 1

    OK I'll bite, although you're AC and everything. This article said nowhere "why OS X blows Windows out of the water" it didn't say "why OS X is better than Windows", so I don't get why you would start advocating your borg mothership without anybody else involved even thinking about it.

    Are you trying to turn any intelligent discussion into an OS flamewar? Yes, maybe your dick is bigger, but you still don't get laid. Get a life. Or a pussy. Or better both.

    --
    There are two rules for success:
    1. Never tell everything you know.
  10. Another alternative - Centrify by plsuh · · Score: 1

    Another alternative to a Golden Triangle is to use Centrify for the Mac if you have Windows sysadmins who just won't countenance a Mac server. Centrify uses the same underlying mechanisms as Workgroup Manager but lets a directory admin on a Windows server manage the Macs as though he were applying GPOs to Windows machines. While I think a Golden Triangle is preferable, Centrify works well when you just can't install a Mac OS X Server.



    --Paul
  11. Workgroup Manager by nevali · · Score: 2, Interesting

    It's worth noting that Workgroup Manager is a handy tool to run on your own Mac, even without an Open Directory domain, as it's a bit more flexible than Accounts.prefpane, especially for (for example) configuring limited accounts for family members.

    It's part of the Server Admin Tools: http://www.apple.com/support/downloads/serveradmintools104.html

    I don't know if the license/installer says you have to have a Mac OS X Server installation to use them, because I haven't looked.

  12. no, you are wrong by PDubNYC · · Score: 1

    What the original poster is trying to say, and repeatedly getting misunderstood about, is that turning on either File Sharing or Windows File Sharing shares his entire home directory, including all of his personal files, and any home directory applications, and there is no built-in way to only share particular folders.

    I agree with this point, as I wish that I could specify a particular folder to share, but overall, since I am running client software, and use file servers when in an environment of other users, it doesn't bother me too much.

    1. Re:no, you are wrong by Anonymous Coward · · Score: 0

      This is getting fixed in Leopard... thankfully.

  13. Re: AdmitMac is bad software by rbanzai · · Score: 1

    I've spent the last year cleaning up the mess left behind by AdmitMac at my company. This software is awful, so bad in fact that Thursby has removed their online support forum due to the tidal wave of complaints.

    The worst bug: AdmitMac will simply refuse to allow a user, and sometimes even a local administrator, to log in! It did this from the earliest version we used in 2006 to the last version in early 2007. I would get late night and weekend calls from the CFO or the CEO that they couldn't log in and it didn't matter how many cached logins were specified in the prefs.

    AdmitMac is shit, my dislike stoked even more by how expensive it is and how poor Thursby's support has been. The closest I got to any satisfaction was when I received an apology from a VP of Thursby after posting at their support forum that I was about to stack up all my copies of AdmitMac in the parking lot and set them on fire.

    It's really that bad.

  14. Re:Yawn by Mister+Whirly · · Score: 1

    "This article said nowhere "why OS X blows Windows out of the water" it didn't say "why OS X is better than Windows""

    Of course it didn't. On Slashdot, those two things are just assumed.

    "Are you trying to turn any intelligent discussion into"
    ...a discussion about an AC's genitals??

    --
    "But this one goes to 11!"
  15. Mixed Messages by MSTCrow5429 · · Score: 1

    What? Mac has systems management? That's impossible, everyone knows Mac is so easy to use, and virus-free, that it's the toaster of computers.

    --
    Slashdot: Playing Favorites Since 1997
  16. from the command-line by mzs · · Score: 2, Insightful

    Or if you want to do it from the command line there is a perl script here to do it:

        http://www.macosxhints.com/article.php?story=20011119095823908

  17. Used this for a long time by guruevi · · Score: 2, Interesting

    I've used this in an all-Mac environment. You can't beat it with anything. I have it for home now.

    It's kinda like Active Directory but much more simple, open and you can integrate it with other (non-Mac) systems since it's pure LDAP (over SSL) and Kerberos. There is even a feature to integrate and manage your Windows machines without using Active Directory. Combine it with Apple Remote Desktop and Apple's Software Update Service and you can deploy whatever package or update you want within seconds (it uses multicasting to save on bandwidth, eat that Microsoft)

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  18. Re:Yawn by Anonymous Coward · · Score: 0

    Yeah... that guy really showed me up. Guess next time I want to know how to make an intelligent point, I'll just follow his example.

    Oh, BTW bro, good job on showing me how much better Mac does network management than Active Directory. I'll think twice next time I say how far off Microsoft's tail lights are from the Mac (or Lunix) perspective.

  19. Something Similar for Linux by Anonymous Coward · · Score: 0

    It's a real pity there's not an open source equivalent of this for Linux. Setting up DNS, DHCP, LDAP, Kerberos, and SSL takes ages and requires way too much faffing about.

  20. Whoooo you can remotely manage a computer by Coolhand2120 · · Score: 1

    The fact that this is a story shows how far behind Apple is in remote management. Everything here I could do on *nix or MS computers for at least a decade, why is this news? I guess there has to be some padding between the regular blowjobs that /. likes to give Apple. Oh wait, this is one of those, huh. Geez, get a room.