Administrative Options in Directory Utility
The second is the ability to allow members of Active Directory groups to have administrator access to a Mac when logged in using their Active Directory accounts. This is the same functionality that can be granted to PCs. This option is disabled by default. When enabled, any Active Directory group can be specified, though domain admins and enterprise admins are enabled by default.
The final option, which is enabled by default, is to allow authentication using accounts from any domain in an Active Directory forest rather than only the domain to which the Mac is joined.
Additional information on integrating Macs with Active Directory is available from Apple.
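The two administrative options described above can be checked from the command line. The following is an added example, not code from this article or from Apple: it reads `dsconfigad -show` output and flags any Active Directory group with local administrator rights that is not on an approved list, and whether authentication from any domain in the forest is enabled. The sample report is constructed, its layout is assumed to match what `dsconfigad -show` prints, and the approved list and the `mac-support` group are hypothetical.

```shell
# Audit the Active Directory administrative options of a bound Mac.
# Reads a `dsconfigad -show` report on stdin, so saved output works too.

# Constructed sample; layout assumed to match `dsconfigad -show` output.
SAMPLE_SHOW='Active Directory Forest          = example.com
Active Directory Domain          = corp.example.com
Computer Account                 = mac-0042$

Advanced Options - Administrative
  Preferred Domain controller    = not set
  Allowed admin groups           = domain admins,enterprise admins,mac-support
  Authentication from any domain = Enabled
'

# Hypothetical approved list: groups expected to hold local admin rights.
APPROVED_GROUPS='domain admins,enterprise admins'

# get_option KEY: print the value of the "KEY = value" line read from stdin.
get_option() {
    awk -F' = ' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# audit_ad_admin: print one finding per line; no output means nothing flagged.
audit_ad_admin() {
    report=$(cat)
    groups=$(printf '%s\n' "$report" | get_option 'Allowed admin groups')
    anydom=$(printf '%s\n' "$report" | get_option 'Authentication from any domain')

    if [ -n "$groups" ] && [ "$groups" != 'not set' ]; then
        old_ifs=$IFS; IFS=,
        for g in $groups; do
            case ",$APPROVED_GROUPS," in
                *",$g,"*) ;;                           # exact match on approved list
                *) echo "UNAPPROVED_ADMIN_GROUP: $g" ;;
            esac
        done
        IFS=$old_ifs
    fi
    [ "$anydom" = 'Enabled' ] && echo 'ANY_DOMAIN_AUTH_ENABLED'
    return 0
}

# On a bound Mac: dsconfigad -show | audit_ad_admin
printf '%s' "$SAMPLE_SHOW" | audit_ad_admin
```

The same tool changes these settings: `dsconfigad -groups` sets the allowed admin groups, `-nogroups` clears them, and `-alldomains disable` restricts authentication to the joined domain.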
OS X and Exchange
Next to Active Directory, Exchange is one of the most commonly used enterprise services. There are two options for integrating Macs with Exchange: use the native PIM apps in OS X or deploy Office for Mac, which includes Outlook for Mac. Neither option is configured automatically based on a user's account when a Mac is joined to Active Directory, but either can be configured automatically by a policy.
Configuring either manually is very simple and can be accomplished by users. For native apps, the option is located in the Internet Accounts pane in System Preferences. For Outlook, it's located in the Preferences dialog and displayed in the initial setup dialog.
OS X natively supports L2TP over IPSec, PPTP, Cisco IPSec, and IKEv2 VPNs. These can be automatically configured by a policy or configured manually using the Network pane in System Preferences. Additional VPN types are supported through the use of third-party clients. It is possible to use policies to configure most third-party software, including VPN clients.
In the next piece in this series, I’ll look at the various ways that management policies can be applied to Macs and to users, as well as the full set of policy options available in OS X.