OS X Leapord - Restricting users from Active Directory

2 posts / 0 new
Last post
Macintrash's picture
Last seen: 10 years 3 months ago
Joined: Dec 20 2003 - 10:38
Posts: 29
OS X Leapord - Restricting users from Active Directory

Hey all,

Havn't posted here in a while.
Need your help;

We have bought a few new 24" iMac's here at school with the latest version of Leapord.
All of the student and staff accounts are on Active directory and I need student to access machines but have similar restrictions as they do on XP desktops.

We have managed to join the Mac to the domain, Bind with Active Directory and students are able to log on, have their home drive mapped and print etc - there are no restrictions as to what the user's can do on the machines however.
I realise the Mac's don't use the group policies etc in AD, but is their any way I can lock down the students locally? Parental Controls only works for local users.
In the past I have used created a generic logon (local) and locked it down.

Has anyone come across this challenge before?


Reverend Darkness's picture
Last seen: 8 years 9 months ago
Joined: Dec 20 2003 - 10:38
Posts: 502
Mac's and AD - Commercial Solution

I haven't been around for a while, but this is right up my alley:

There is a commercial solution by Thursby Software called ADmitMac ( http://www.thursby.com/admitmac/ ). ADmitMac replaces Apple's Active Directory plug-in with a more robust solution.

Not only can ADmitMac allow the Macs to be joined to the domain, but has three different options for Home Folder use, and integrates with Apple's Workgroup Manager to store MCX on the AD. This means you can modify managed preferences and have them apply without the need for an OD server.

Also, ADmitMac is installed on the Mac, so there is nothing to install on your server, and no changes to be made to your current AD setup.

They have a free eval available, and if you have any questions, call them and ask for "Jim". Trust me, he's the go-to guy for this stuff.

I know that there is cost involved, and I won't pretend to blow it off as insignificant, but IMHO, it's the best solution out there.

Log in or register to post comments