Active Directory Parental Controls?

[Josh Kahane]

Hi

We have just got 20 Macs setup and added them each individually to our Active Directory server and they work really well.

However, we really need some sort of deeper control over what user can access while on the Macs, I have heard a little that Lion Server or Remote Desktop might help, but I need better directing.

What can I get which will relatively easily let me lock down applications etc on our Macs connected to Active Directory?

Also if Lion Server is what might be needed or an option, does it need installing on every Mac? Or Just our master one? And, would mean having to rebind every computer?

Thanks.

 

[Mattie Num Nums]

Lots of options here.

#1 - Extend AD schema. You get some extra GPO's you can apply to OSX

#2 - Centrify is an AD plugin that adds most of the basic MCX's in WGM to the AD console allowing MCX's to be managed by an AD Admin.

#3 - Lion Server to Work Group Manager (WGM), this option would take some engineering. You will need to set up OD and WGM and tie it into AD. Its possible but it takes time and testing.

#4 - JAMF Casper is a great tool for desktop management though its more for larger scale infrastructures. Casper does so much, imaging, packaging, remote control, MCX/GPO management, custom policies, etc. Casper 8.51 also allows remote lock and remote wipe of 10.7 systems that have the standard Recovery Partition present. Worth the money!!!!