Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Systems Management

Posted by kdawson on from the tools-of-the-trade dept.

johannacw writes "This story has in-depth info about managing Macs using Apple's Managed Preferences architecture. It covers how to use the 14 built-in systems-management areas, how preferences interact, how to secure workstations, and how to help users access resources including applications and printers. It's a must-read for any systems admin working in a Mac or mixed environment. Written by Ryan Faas, this is a follow-up to his popular Inside Apple's Workgroup Manager."

13 of 75 comments (clear)

  1. Interesting but.... by tonsofpcs · · Score: 2

    How easily deployable are settings of this sort?

    --
    Video Production Support
    1. Re:Interesting but.... by _merlin · · Score: 4, Informative

      Just as deployable as MS AD Group Policy: you define policy for the domain, and member computers pick it up. Obviously, you need a domain master, and you need to bind the target computers to the domain. But this is no different to any other directory service.

    2. Re:Interesting but.... by rizzo320 · · Score: 4, Informative

      In most cases a "golden triangle" is used where the Mac is bound to both Active Directory and Open Directory. The login credentials for users are managed in Active Directory, where as the managed preferences for the workstations are managed in Open Directory. It's a pretty common setup.

      If you really need to blend in with your Active Directory environment, you can bypass workgroup manager altogether and go with ADmit Mac by Thursby Software. Though on the pricey side, it allows you to do much more from with AD than the standard features of OS X. The last time I checked, it even allowed you to apply certain types of group policies onto the managed Macs... very cool stuff.

    3. Re:Interesting but.... by somersault · · Score: 3, Funny

      "If you really need to blend in with your Active Directory environment, you can" use a BlendTec blender!

      Couldn't resist..

      --
      which is totally what she said
  2. Re:A basic article about a 2-year-old OS is news? by Whiney+Mac+Fanboy · · Score: 5, Funny

    Seriously, why is this on Slashdot? Did the editor think it was about 10.5 or something?

    Indeed - this so-called-article is taking up valuable iPhone fluff story screen real estate.

    --
    There are shills on slashdot. Apparently, I'm one of them.
  3. system administration by ianare · · Score: 2, Insightful

    But where are the ready-made commands to paste into terminal? The neat perl scripts? I thought the whole point of Mac was that you could use the UNIX underneath for administration? I mean if the extent of possibilities is "click here, then click here" you might as well run server 2003.

    1. Re:system administration by lakeland · · Score: 2, Informative

      You can, and it works fine. It isn't quite as easy as editing /etc/fstab (here's /etc/fstab from a computer I'm currently sshed into...

      andrea-lakelands-computer:~ corrin$ cat /etc/fstab.hd
      IGNORE THIS FILE.
      This file does nothing, contains no useful data, and might go away in
      future releases. Do not depend on this file or its contents.
      --
      As you can see, apart from the warning it now contains nothing (this is on 10.4.10). I think on 10.3 it contained the warning and mounted volumes ala /etc/mtab but that could be my memory playing tricks on me. However, the pretty little GUI for editing that file is 100% scriptable from the command line, and so writing scripts to do remote system administration is considered sensible.

      Having said that, some people don't like working like that and those people get pretty little gui tools. Even more scary, some of those people are syadmins - I know because I used to work with one. They had been an OS 7, OS 8, OS 9 sysadmin before OS X came out and there was no way they were going to stop using their way of doing things just because there was a new version of the operating system. Used to drive me nuts watching them work until I trained myself to turn a blind eye.

    2. Re:system administration by Graff · · Score: 3, Informative

      You mean like:
      Mac OS X Server Command-Line Administration PDF

      Here's a web page with all the manuals for Mac OS X Server, lots of good information there:
      Apple Server Documentation

      --
      Sapere aude!
  4. Re:Manage your macs... by Lehk228 · · Score: 3, Funny

    but managing macs IS easy

    1) turn on mac

    2)periodically remind typical mac user that the computer is not thirsty and does not require watering like a plant.

    --
    Snowden and Manning are heroes.
  5. Re:You can hardly manage the Mac from there by SideshowBob · · Score: 4, Insightful

    Um, no. What are you even talking about? When you connect to that computer you have to authenticate with a username and password. You will only be able to access data remotely that you could access if you were logged in as that user locally.

    And I don't get what your second problem is. If you had personal file sharing turned on, then your Linux box must've been connecting to your Mac via afp.

    I think you're just very confused.

  6. Workgroup Manager by nevali · · Score: 2, Interesting

    It's worth noting that Workgroup Manager is a handy tool to run on your own Mac, even without an Open Directory domain, as it's a bit more flexible than Accounts.prefpane, especially for (for example) configuring limited accounts for family members.

    It's part in the Server Admin Tools: http://www.apple.com/support/downloads/serveradmin tools104.html

    I don't know if the license/installer says you have to have a Mac OS X Server installation to use them, because I haven't looked.

  7. from the command-line by mzs · · Score: 2, Insightful

    Or if you want to do it from the command line there is a perl script here to do it:

        http://www.macosxhints.com/article.php?story=20011 119095823908

  8. Used this for a long time by guruevi · · Score: 2, Interesting

    I've used this in an all-Mac environment. You can't beat it with anything. I have it for home now.

    It's kinda like Active Directory but much more simple, open and you can integrate it with other (non-Mac) systems since it's pure LDAP (over SSL) and Kerberos. There is even a feature to integrate and manage your Windows machines without using Active Directory. Combine it with Apple Remote Desktop and Apple's Software Update Service and you can deploy whatever package or update you want within seconds (it uses multicasting to save on bandwidth, eat that Microsoft)

    --
    Custom electronics and digital signage for your business: www.evcircuits.com