I wonder what’s in the works for this downtime?
Dear Greg D,
This comment is in response to your comment on Digg asking 4 questions about how Macs can live in an enterprise environment. I’m sorry if this isn’t the best place to let you know this, but I couldn’t think of any other place to let you know this. Your first and last questions were answered well enough; I can provide you with more information if you desire.
In response to your second and third questions, I would like to help you:
“2. Does mac have anything that compares to Group Policy?
The ability to lockdown, prevent, change, etc., through the use of GPOs, in a central location, saves me so much time and energy, I couldn’t even begin to tell you how much. Folder redirection, workstation lockdown, registry changes, software updates, the list goes on…
Does mac have anything to manage patches on an enterprise level? The ability to manage them, approve or deny them, etc., from a central location?”
2: I can’t be sure of what a group policy is, but OS X by default (even in non-enterprise environments) does not allow a non-admin user to change anything outside of their home folder. This includes installing software, changing preferences, or deleting essential system software. Many preference panes (the OS X equivalent of Control Panel) lock out non-admin users and require an admin password for entry. In addition, using the Server Admin software included with OS X Server, entire preferences, applications, and locations can be disabled. Specific preferences such as background wallpaper or screensaver are easily locked, but the mechanism to do this can apply a locked preference to ANY program that uses the standard XML .plist file (to my knowledge, there aren’t any that don’t). I cannot possibly tell you everything about OS X in this regard from the top of my head, so I suggest to you that you take a look at http://www.apple.com/server/macosx/ , especially the freely available System Administrator Software Manuals in PDF format. Also check out Apple Remote Desktop. It provides mechanisms for administrating many computers at once, including installing software remotely and performing scans.
3: I can only assume that “WSUS” stands for “Windows Software Update Server” and, yes, there is something EXACTLY like that in OS X. If you have a server running OS X Server 10.4, it includes all the necessary software to mirror updates provided by Apple on a local server while enabling or disabling specific updates and increasing speeds. There is currently not an option to use this server for non-Apple updates, but Apple Remote Desktop does pick up much of this slack by providing ways to push files to any/all Macs on the network.
I encourage you to contact me if you have any further questions. I do not work for Apple or at a company that employs Macs. However, I did just graduate from a high school that uses nothing but Macs in all but the most dire circumstances. I worked closely with the IT Staff for 2 years learning all I could about the administration of an all Mac network, in addition to reading much of the OS X server documentation. I wouldn’t call myself an expert, but I do feel that I could point you in the right direction for any questions you might have.
Thanks for taking the time to answer my questions.
Have a look at the Wikipedia entry for GPOs and it will give you a much better definition of them than I can give you in a comment. But it goes a lot further than just permitting or denying changes to software. GPOs, in my humble little opinion, are one of the greatest assets to managing an enterprise. I’d love to see Apple come up with something comparable.