PDA

View Full Version : Setting Policies to Macs




Lew4484
Aug 6, 2013, 06:23 AM
Hi there, we have recently bound our college iMacs to our Active Directory domain. We have taken our mac server out of the equation completely and have extended our AD schema. I am able to send down policies by each user group via Workgroup Manager and they work fine, however when I try to set computer policies they don't appear to take affect. I have tried to do this with a set of Snow Leopard machines and these appear to work fine, the only machines affected are running Lion or Mountain Lion. Does anyone have any ideas on how to fix this without having to use a Mac server?

Active Directory: Microsoft Server 2008
Client Machines: Mountain Lion 10.8.4
Workgroup Manager version: 10.8(409)



satcomer
Aug 6, 2013, 10:05 AM
Hi there, we have recently bound our college iMacs to our Active Directory domain. We have taken our mac server out of the equation completely and have extended our AD schema. I am able to send down policies by each user group via Workgroup Manager and they work fine, however when I try to set computer policies they don't appear to take affect. I have tried to do this with a set of Snow Leopard machines and these appear to work fine, the only machines affected are running Lion or Mountain Lion. Does anyone have any ideas on how to fix this without having to use a Mac server?

Active Directory: Microsoft Server 2008
Client Machines: Mountain Lion 10.8.4
Workgroup Manager version: 10.8(409)

You should have at least server 2008s2. That is when Microsoft first sold Apple Active Sync. So upgrade you server to at least 2008s2 to native bond them.

Lew4484
Aug 7, 2013, 02:33 AM
Sorry my mistake, we are running Windows Server 2008 R2.

Alternatively, if this isn't possible would we be able to force a machine to create a mobile account and sync with their network account? I've tried to manually change this on the machine itself, but I've read that if we've updated our schema (which we needed to do to assign user group policies), it ignores the settings from the machine and takes whatever is assigned in AD, so when I've tried this it fails. The only reason we need computer policies is to create mobile accounts as we use Final Cut in one classroom and certain functions won't work particularly well over the network. I'm not a fan of mobile accounts, so I just want to restrict this to one classroom.

Everything else is working perfectly and I've assigned several group policies, which work fine. Computer policies however won't work on machines with OSX Lion or higher.

Thanks