Dealing with Mac Creep

With the popularity of Apple products on the rise, IT departments must start thinking differently about their management processes. 

Due to the broadening popularity of Apple's desktops and notebooks (and, to a growing extent, of its iPhone), IT administrators at many enterprises are faced with providing updates, core applications and network authentication services to greater numbers of Apple computers and devices.

Fortunately, as Apple's computing fortunes have risen, an array of options for integrating these systems with Microsoft Windows-based applications and management infrastructure has also emerged.

As with the Windows-based machines in your enterprise, one of the primary tasks facing administrators charged with managing Apple clients and devices is keeping systems up to date with security patches and bug fixes.

For a look at the centralized update features built into Mac OS X Server, read Andrew Garcia's story, here.

But beyond providing a solid software update framework, perhaps the most important task for administrators who service a Mac contingent is folding these systems into your organization's identity and policy-based management framework. For most companies, this means connecting OS X machines to AD (Active Directory).

With current OS X versions, adding machines to an AD domain is a fairly straightforward affair, and the process has grown appreciably simpler with each passing release. On OS X 10.5, the operation is practically the same as with Windows systems and involves launching the OS X Directory Utility, specifying the desired domain and providing the correct administrator credentials.

To ensure that the same AD groups empowered to administer Windows domain members can exercise these rights on OS X clients, you need to specify this behavior in the "allow administration by" section of your AD service entry in the Directory Utility.

For organizations that wish to extend their AD-centric management of OS X systems beyond authentication, there are a few third-party applications that can add Microsoft's Group Policy to your organization's OS X management mix, including Centrify's DirectControl for Mac and Likewise Software's Likewise Enterprise 4.0, which I reviewed in January of this year.

During my tests of Likewise Enterprise, I was able to use Microsoft's standard Group Policy management tools to push out a set of Mac-specific policies to my OS X test systems, most of which applied to log-in and network behavior, and many of which governed the operation of the Bluetooth radios that come built in to many Mac systems. I could not, however, exert as broad a set of controls over the appearance and operation of OS X machines as I could over Linux systems running the GNOME desktop.