9 Replies Latest reply: Jan 18, 2013 1:33 PM by JonnyFGM
JonnyFGM Level 1 (0 points)

Hello

I work at a college; we have a number of Macs (<50) that are connected to the network. They are running a variety of OSes; however, the only ones I am concerned about for now are 10.7 and 10.8.

I have successfully managed to reimage all Macs that can run either 10.7 or 10.8 and have joined them to the college's Active Directory domain so that the students can log on with their Active Directory accounts. We need students to be able to log on with their Active Directory accounts so we can have accountability for internet use etc.

Ideally what I would like to do is to be able to manage the Macs' settings centrally using the 10.8 server we have. I have tried to use Workgroup Manager so far to manage settings for machines/users; however, I get an error when I try to create new computer groups (no existing AD OUs appear) and I get an error when I try to apply settings to existing AD user groups. I presume these are authentication errors.

I have set the 10.8 server up as an Open Directory master, and I have bound it to the domain. Is there a stage I am missing?

Also, is there a better way of doing what I want to do than with the magic triangle/Workgroup Manager? What I ideally need to be able to do is set proxy settings, disable the ability to join Wi-Fi networks without administrative rights, map network drives and add printers.

Hope someone can help

Thanks

  • 1. Re: Using Macs in a domain environment
    Strontium90 Level 4 (3,140 points)

    MCX is dead.  Apple is killing it.  Don't expect anything to work in 10.8.  I would suggest you look at JAMF's Casper suite.  Since you are in education you basically get it for free.  You will need to pay for the initial JumpStart but this will be the solution to all your needs.  With JAMF, the only limitation is your imagination.

  • 2. Re: Using Macs in a domain environment
    JonnyFGM Level 1 (0 points)

    Thanks

    I had started to suspect as much, given how prominently Profile Manager seems to be pushed. Shame this basically doesn't let you do anything on a Mac.

    I will look into that

    Thanks

  • 3. Re: Using Macs in a domain environment
    Strontium90 Level 4 (3,140 points)

    You can use profile manager to set policy on a Mac.  But the richness and extendibility that was MCX is not yet present.  Profile manager assumes the device is used by an unidentified entity (the userless iOS model).  MCX accounted for multiple users and multiple domains of policy enforcement (computer, group, user).

     

    Good luck.

  • 4. Re: Using Macs in a domain environment
    JonnyFGM Level 1 (0 points)

    Thanks

    Unfortunately Profile Manager doesn't offer the ability to set OS X proxy settings, which is the main thing I want. This wouldn't be such a problem except that creating the NetRestore image strips the proxy settings out for some reason.

  • 5. Re: Using Macs in a domain environment
    Strontium90 Level 4 (3,140 points)

    Nope.  If you are looking for a one time push and you are using Apple Remote Desktop, you can script this with the networksetup command line tool.

     

    man networksetup

     

    Look at the -setwebproxy and -setwebproxystate switches and their attributes. 

     

    And that is odd that the restore is removing them.  I've not used netrestore in a while but it always does something strange. 

  • 6. Re: Using Macs in a domain environment
    JonnyFGM Level 1 (0 points)

    Thanks

    We don't yet have ARD but are planning on getting it ASAP; I think it'll be much easier to convince the finance department to buy that than JAMF.

    I presume there will be a command to set proxy exceptions too?
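
The one-time push suggested in reply 5, as an added example that is not part of the original thread. It goes one step beyond the switches named there by also setting the exception list asked about in reply 6 with networksetup's -setproxybypassdomains switch; the proxy host, port and bypass entries are assumed placeholder values.

```shell
#!/bin/sh
# Added example: one-time proxy push with networksetup (dry run by default).
# Assumed values, not from the thread: proxy host, port and bypass list.
PROXY_HOST="proxy.example.edu"
PROXY_PORT="8080"
BYPASS="*.local 169.254/16 localhost"
set -f  # no globbing, so "*.local" in BYPASS is passed through literally

# Constructed sample of `networksetup -listallnetworkservices` output,
# used only when the tool is absent (i.e. not on a Mac).
SAMPLE_LISTING='An asterisk (*) denotes that a network service is disabled.
Ethernet
*FireWire
Wi-Fi'

list_services() {
  if command -v networksetup >/dev/null 2>&1; then
    networksetup -listallnetworkservices
  else
    printf '%s\n' "$SAMPLE_LISTING"
  fi
}

# Keep enabled services only: drop the header line, blank lines and
# entries marked disabled with a leading asterisk.
enabled_services() {
  sed -e 1d -e '/^\*/d' -e '/^$/d'
}

# Print the command, or execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@" </dev/null; else printf '%s\n' "$*"; fi
}

configure_service() {
  run networksetup -setwebproxy "$1" "$PROXY_HOST" "$PROXY_PORT"
  # Word splitting of BYPASS is intended: one argument per exception.
  run networksetup -setproxybypassdomains "$1" $BYPASS
  run networksetup -setwebproxystate "$1" on
}

apply_all() {
  list_services | enabled_services | while IFS= read -r svc; do
    configure_service "$svc"
  done
}

apply_all
```

Check the printed commands first, then rerun with APPLY=1 as root, for example through ARD's Send UNIX Command.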

  • 7. Re: Using Macs in a domain environment
    JonnyFGM Level 1 (0 points)

    Well, I seem to have made a bit of progress with Workgroup Manager.

    If I add domain users to a local network group I can apply certain preferences to them. However, binding the Mac to the Open Directory causes it to show in the LDAPv3 Workgroup Manager, but the preferences don't seem to apply.

    However, some (most) preferences aren't applying; in fact the only ones I've managed to get working so far are Dock preferences.

    Are the features that aren't working just broken in 10.8?

  • 8. Re: Using Macs in a domain environment
    Strontium90 Level 4 (3,140 points)

    That has been my experience.  And Apple has consented that WGM is there to support 10.7 and before but that 10.8 is intended to be managed with Profiles.

  • 9. Re: Using Macs in a domain environment
    JonnyFGM Level 1 (0 points)

    Actually, thinking about it, the client I was testing it on was on 10.7. Not that it matters because if something works on 10.7 and not on 10.8 then it's no good.

    Nice job, Apple: have something that fits my needs then scrap it. This is becoming a pattern.