The key parts of Mac management
Mac management in the enterprise consists of three major components:
- Integrating Macs with key enterprise systems such as Active Directory and Exchange
- Applying policies to manage Macs similar to the way Group Policies manage Windows PCs
- Understanding how to efficiently deploy and update Macs and the apps and configurations they run
Much as with PC management, these areas combine into an overall workflow, though they tend to be somewhat more discrete processes. This article will look at the first of these areas: integrating Macs with enterprise systems. The following two articles in this series will look at understanding policy options for managed Macs and deployment methods, respectively.
There are multiple tools and mechanisms to accomplish the various tasks related to Mac management. Using the tools built into OS X itself is the most basic option. Although effective, this can be limiting when managing a large-scale Mac deployment. Another option is to make use of additional enterprise-oriented solutions from Apple, such as OS X Server, Apple's Device Enrollment Program (DEP), and its Volume Purchase Program (VPP), to streamline and enhance various parts of the process. There is also a range of third-party solutions that significantly expand on what Apple offers.
OS X and Active Directory
Active Directory is a critical piece of enterprise computing for virtually every organization. Joining PCs to an Active Directory environment provides all manner of critical functionality, including user authentication, access controls, audit logs, management of the Windows environment, and integration with a range of additional systems like Exchange. Acting as a central source of information about almost everything within an organization, Active Directory also goes beyond PCs. It is essentially the glue that makes much of enterprise computing possible.
The good news is Macs can be joined to Active Directory. On an individual Mac, the process is fairly straightforward. Launch System Preferences, go to Users & Groups, select Login Options in the sidebar, click the Join button next to Network Account Server, and enter the appropriate information for the domain and authenticate using an account that has privileges to join a PC to the domain. Once that's done, users will be able to log into that Mac with their Active Directory credentials pretty much the same as on a PC. Single sign-on is also supported for many services such as network browsing or file sharing.
Users and Groups System Preferences Pane: Joining a Mac to Active Directory
Joining a Mac to Active Directory primarily enables user authentication and adherence to password policies. Some functionality common when a PC is joined to Active Directory doesn't automatically occur. Configuration based on Group Policies or automatic configuration for access to services such as Exchange based on a user's account are two examples. These can be automated using policies, but those policies generally aren't directly tied to a Mac's Active Directory membership. Basic attributes about the Mac itself are stored in Active Directory as they would be for a PC, however.
Sign up for CIO Asia eNewsletters.