Review: Direct Control for administering Macs in a Windows world
Computerworld - Centrify's Direct Control for Mac is a complete solution for Active Directory environments in which you have to support Mac clients and need secure access to Mac OS X system components or must manage the user environment.
Direct Control allows you to join Mac OS X computers, as well as other versions of Unix/Linux, to Active Directory. You can organize them and delegate administration via organizational units known as zones. And you can manage them using a series of group policies specifically designed to work with Apple's managed preferences model.
Direct Control for Mac fulfills a common need. Although Macs typically make up a small fraction of the total number of PCs in a corporate network, they often still need access to the resources of that network. And they still need to be controlled and secured according to company policies and government regulations.
Apple does include some Active Directory support in Mac OS X. But that support is limited to letting users log into a Mac workstation using an Active Directory account. It provides very little support for securing local resources -- although, by default, it doesn't grant Active Directory users local administrator access, so there is some safeguard. But it provides no support for configuring a managed user environment.
Another major limitation is that Apple's Active Directory solution uses LDAP rather than Microsoft's ADSI protocol when authenticating users, and it doesn't support signed LDAP communication. This means that you must lower the domain security policy for Windows 2003 Server to support Mac clients, which can expose an Active Directory domain to increased risk of network attacks.
Direct Control for Mac offers full support for signed communication with Active Directory, although it does rely on Apple's variation of Samba to provide access to file shares and print queue, and this version of Samba doesn't support signed communication. Also, Directory Access uses the ADSI protocol. Further, Direct Control extends Active Directory's smart-card authentication support to work seamlessly with Mac OS X.
More important, Direct Control offers several server-side components that allow you to fully support Mac users by assigning the user ID (UID) and group ID (GID) attributes that Mac OS X relies upon for user identification and file permissions.
While all the above features make Direct Control for Mac a tempting solution, the fact that it includes a range for group policies that can be used to secure and manage the Mac OS X environment is what makes it an excellent solution.
Direct Control for Mac uses group policies that integrate with the client-side components of Apple's managed preference environment. The icing on the cake for Windows administrators is that Direct Control integrates well with Active Directory; managing Mac workstations has the same familiar feel as managing Windows PCs.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Axeda Platform Technical Overview This paper summarizes the major features of an IoT platform and explains how they simplify and speed the process of developing and deploying...
- ROI Benefits from Automating Application Delivery Solutions One of the key tenets of a modern data center is the ability to leverage technologies that enable automation in order to accelerate...
- Video moves into IT's sweet spot Moving onto shared IT infrastructure, as well as mobile devices, video technology is finding its way into a wide range of organizations and...
- What Is The Cloud Doing To Your Data Center? In this webcast, we'll look at ways you can distill cloud computing down to principles that you can apply to how you manage...
- Unbox Your Load Balancer Your applications are getting more distributed, virtualized and pushed into the cloud today. But as the world progresses to multi-cloud deployments and sophisticated... All Infrastructure Management White Papers | Webcasts