
Brave New World of Subscriptions & setting up Macs for others

Kind of a crazy question but... I am in a small 6-person art department in a much larger company. We're the rogue Mac users, so I'm on my own and learning as I go.


It used to be simple: install software on Macs in the back room, test it, tweak settings as necessary, make a note of license numbers and CDs, and then hand it over to the end user and start on the next one. Now with all the email-based logins, it's complicated. So my question is: What's the "cleanest" way for small-department system techies to go about setting up new Macs?


We have new MacBook Pros with High Sierra. I have to get the OS set up to work with the corporate network, install software such as Adobe CC and Suitcase, make sure fonts, plug-ins and everything else play well together, ensure browsers can reach our support vendor sites and Mother Unit corporate sites, etc. Sometimes I run into problems and have to troubleshoot for a while before the next step.


The problem is, all along this process I'm interrupting users: "Would you enter your Adobe ID for me?" "Would you enter your Suitcase ID for me?" "Oh, you forgot your password? Could you have it resent to your email address and let me know when you get it?" ... which of course they don't get to right away, so I'm making copious notes about where I ran into a problem on whose system.


Or "Oh, so-and-so left? Dang, it's asking for her network proxy password to get to the internet to download an update." So I enter my own network password just to get things done... and hope I remember later to find and blow it out of Keychain... after I reconnect with the end user and have them enter their own.


God forbid I have to restart along the way, or have an issue and I have to ask them again. But it happens.


And there's always the user who mistakenly uses their home ID/login for Apple or subscription software.


Back to my question... How do other techies handle this Brave New World? (I don't have an "Enterprise Management" option where I can push software to a central install site. That's reserved for the Windows Gods. I'm a Mac Peasant.)


Thanks.

MacBook Pro, macOS High Sierra (10.13.6)

Posted on Oct 23, 2018 3:15 PM

Question marked as Best reply

Posted on Oct 24, 2018 8:28 AM

Have a look at the MacEnterprise mailing list and related. Also see the Munki project. Munki and MDM stuff can be used to get apps to the end-users, and Munki is free, and Apple’s MDM solution—currently unfortunately misnamed macOS Server—is available inexpensively.


There are discussions of creating copies of software to install.


Links to some of the available resources and discussions and archives...

http://www.macenterprise.org/mailing-list

https://www.munki.org/

Der Flounder | Seldom updated, occasionally insightful.

http://krypted.com/


Also check with the Apple Business folks at your local Apple store, as they can have some suggestions.


As for coordinating a user’s passwords across systems, that’s usually done using a directory server service, and often with Windows Active Directory or another LDAP directory server. macOS clients can be “bound” to the directory server, which means the passwords and other details are common across all systems sharing that directory server and its replica servers.


As was mentioned, macOS with Server.app installed is now effectively an MDM package, and not a network server. The current version of Server.app does have a directory server, but I’m skeptical around how long that’ll continue to be available, and you probably already have a different directory server around; AD or otherwise. Other than as an MDM, I wouldn’t usually consider macOS with Server.app installed; not any more.


As for the passwords? Remote Access into a problematic app is available through various means, though Apple Remote Desktop (ARD) app is likely a good fit for what you’re up to here, too. The user can sit at their Mac, and you can access it remotely, and they can enter their passwords.


I prefer to avoid knowing the passwords of the end-users. That's for accountability and auditing reasons. Shared accounts and shared access credentials tend to end up in a quagmire, either for the end-users or for the IT folks. Or for both.

Oct 24, 2018 9:58 AM in response to iamquoz

Yes, Server.app was cheap and it worked well, and that's why a number of us were using it.


But before you purchase Server.app, have a very careful look at what Server (doesn't) provide now, as of the most current 5.7.1 release.


There were massive deprecations in what the Server.app tools provide.


Why this newest release wasn't called V6 or such is beyond me. It's very different from earlier releases.


Server.app is now little more than an MDM tool, and it's definitely not what I'd consider a network server.


One of the three network services still offered by Server.app is the Open Directory LDAP server. If you're in an organization with Microsoft Windows, the Windows folks will almost certainly already have an Active Directory LDAP configuration either locally, or they'll have hosted AD via Microsoft Azure. You won't need Open Directory, if that's the case. You can tie into the Microsoft directory.


Whether the other two services are useful to you?

Oct 24, 2018 8:27 AM in response to MrHoffman

This is great information. I've started looking into the server app, and given the price I might actually get the OK to purchase it. If not, Munki. And I really appreciate the links. Thank you!

Agree that I don't want to know the passwords of end users. Sometimes they offer to tell me to reduce the interruptions, but I reply that I really don't want to know.

Oct 24, 2018 11:44 AM in response to MrHoffman

Your reply is getting over my head... I'm vaguely familiar with the general concept of Active Directory but not sure how it would apply to my problem of trying to install subscription software (e.g. Adobe, Suitcase) for others on Macs. We're not going to be coordinating passwords for our specialty software... We are able to connect to the corporate network for browsing and our art file server, but other than that our I.T. department is clear about stating they don't support Macs, so I can't turn to them for help.

Oct 24, 2018 3:31 PM in response to iamquoz

You are pragmatically part of your organization's IT, here. Your organization's IT management is unfortunately unhelpful, and I'd tend to escalate that to senior management to sort out.


The directory services—among other uses—coordinate passwords across all systems, as well as contact information and other details. It's how the same password works across all services and all systems. The directory is how—for instance—IT can remove the entry for a retired or retired user in one place, and have that user's access disabled across all connected systems.


Running macOS with Server.app installed—running a network server—is probably not what you want to be doing here. But you're going to have to run a server—though not with Server.app, most likely—for Munki and other services.


For your purposes and until senior management sorts out IT and until your Macs are bound to the directory server, Apple Remote Desktop is probably the best of the available options, with the user at their system. With Munki or related for provisioning software.


But again, you're very much pragmatically part of your organization's IT, and you're not getting the support that you should be. Which is on management.

Oct 25, 2018 8:25 AM in response to MrHoffman

MrHoffman, I agree with your last two sentences. 🙂 The question of Mac support was already "escalated" in the past and the approach was to put us on PCs despite our Mac customer base--until font issues intervened. In a way I don't mind if corporate IT isn't too involved beyond providing network logins; while our [understaffed] local guys are great, big-company corporate-level involvement can create complexity to the point of being counterproductive... I'm just looking for a way to ease Mac setup and testing now that software tends to be subscription-based. Perhaps I can do that at my local level with ARD and Munki. I appreciate the direction. Thanks!
