Granular System Permissions

Discussion in 'macOS' started by shadowfayre, Aug 1, 2012.

  1. shadowfayre macrumors regular

    Joined:
    Jan 17, 2006
    #1
    Is there a way in OSX to give users certain permissions to do activities normally sectioned off for administrators? One example being System Updates and Package Updates. We have several Mac Pro's in the office that unlike Windows with Windows Update Services; users on the Mac's must have admin permissions or wait for a tech to come by and enter a password to install updates. This can become a PITA when you have hundreds of Mac units. Same applies when the same user needs to install say Adobe updates (although, this particular issue is no different on a Windows unit).

    We do not want users having admin permissions; having access to all system configurations and being able to install any said application.

    Thanks!
     
  2. ScoobyMcDoo macrumors 65816

    Joined:
    Nov 26, 2007
    Location:
    Austin, TX
    #2
    I think that OS-X server has some sort of service you can use to push system updates to mac clients. That would probably be a better option for you.
     
  3. shadowfayre thread starter macrumors regular

    Joined:
    Jan 17, 2006
    #3
    1) We are a Windows environment here at the office. No X-Servers
    2) I thought X-Server was dead?

    I know Apple does not care about the Enterprise; but I also know we are not the only one that have both Apple and Windows units trying to work peacefully together. :)
     
  4. ScoobyMcDoo, Aug 1, 2012
    Last edited: Aug 1, 2012

    ScoobyMcDoo macrumors 65816

    Joined:
    Nov 26, 2007
    Location:
    Austin, TX
    #4
    As far as endpoint management goes Microsoft is probably only going to deal well with Windows machines and Apple with macs. If you indeed need to deal with a heterogeneous environment, you might need to move to something like Tivoli.

    The rack-mount x-server line is indeed dead, however they do still sell OS-X server, which I believe is now just a set of tools you put on top of OS-X. it sells for $20 on the app store. You could buy a mac pro, or even a mini to run it on. I think they still sell mini's with server pre-loaded.
     
  5. shadowfayre thread starter macrumors regular

    Joined:
    Jan 17, 2006
    #5
    What Tivoli Product would allow me to push patches to Macs? And does it work with 3rd party applications as well?

    ----------

    Also is there no other way to give users the permission to install updates? I really do not need an management tool just so the Macs stay up to date. What are others doing in the Enterprise? Surely IT is not giving their Mac users full access to their clients....
     
  6. ScoobyMcDoo macrumors 65816

    Joined:
    Nov 26, 2007
    Location:
    Austin, TX
    #6
    Well, if you think about it, updates involve writing files to parts of the file system you really don't want your users to have access to. So, even if there were a way to give the granularity you want, I don't think file system access is something you want to give your users.

    In our organization, there are only two people who have macs - I am one of them. Both of us have full control of our macs. It's a pretty small company though - about 100 employees.

    Have you considered calling Apple and asking them? If you do, please post back here and let us know what they say.
     
  7. ScoobyMcDoo macrumors 65816

    Joined:
    Nov 26, 2007
    Location:
    Austin, TX
    #7
    I got kind of curious about this and found this post which may be of some help to you.
     
  8. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #8
    Does your office have "several" Macs or hundreds?

    If it's hundreds, a server could be the way to go. With several...naah.

    Just turn off automatic software updating for the Macs. A tech can visit the Macs periodically during off hours to check for and install updates. With automatic updates off, the users won't be interrupted.
     
  9. ScoobyMcDoo macrumors 65816

    Joined:
    Nov 26, 2007
    Location:
    Austin, TX
    #9
    Also, if it's just several, and your techs don't want to actually go the computer, they can just ssh in and use the softwareupdate command.
     
  10. shadowfayre thread starter macrumors regular

    Joined:
    Jan 17, 2006
    #10
    We have 9 macs in total but they are spread out. I am the only tech that wears many hats; including managing the network (100 user company).

    Currently we do periodically run updates. I was just hoping for an alternative solutions. Windows clients can install updates without admin permissions, as they are configured to run automatically in the background (and that is without the use of Windows Update Services). That said in a corporate environment with WUS we do have control on what updates are available.

    Same with 3rd party updates. These are handled using Group Polices. Something again I realize is a Microsoft to Microsoft solution.
     

Share This Page