Authentication Services 4.1.5 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

Add wireless profiles

The Wireless Profiles tab settings control user options associated with wireless networks.

To add wireless profiles

  1. From the Wireless Networks tab, click Add to open the Wireless Network dialog.
  2. Enter the name of the wireless profile in the Name box.
  3. Enter the SSID of the wireless network to which this profile applies in the SSID box.
  4. Select the type of wireless network from the Type drop-down list.
  5. Select the authentication type options that apply to this profile from the Authentication list.
  6. If you want users to be prompted for their password each time they connect to a wireless network, select the Always prompt for password option.
  7. Click the Up or Down buttons to reorder the wireless profiles.

    Wireless profiles are added to the user profiles list on Mac OS X systems in the order listed in the policy.

Preference Manifest settings

The Preference Manifests node lists applications and settings that you can manage using preference manifests. Policy items contained in this node are specific to the Macintosh operating system. A preference manifest is a file that describes application settings and makes them manageable. Application developers create preference manifest files to make their application’s settings available for management through the Preference Manifests node.

When you install Group Policy console extensions, it creates preference manifests in sysvol at the following location:

Policies\Quest Software\Preference Manifest

In order to reduce GPO size, Preference Manifest files are stored in the GPT under the Policies\Quest Software\Preference Manifest folder. All of the Preference Manifest files found there are displayed in the Preference Manifests node. If the folder does not exist in the GPT, Preference Manifest files are loaded from the local installation directory.

Apple provides preference manifests for many built-in applications and systems. Group Policy includes preference manifests for Microsoft Office applications and other common third-party applications. You can also import custom preference manifests for policy configuration. The Authentication Services installation process adds Mac OS X, Workgroup Manager, and Preference Manifest Settings nodes to both the Computer Configuration and User Configuration nodes and stores all the Authentication Services for Mac OS X Desktop policies there.

Related Topics

Add a preference manifest

Add a Preference Manifest

You can add a preference manifest file to the Preference Manifests node in Group Policy Object Editor (GPOE)

To add a preference manifest

  1. Right-click on the Preference Manifests node and select Add/Remove Preference Manifests from the menu.

    The Add/Remove Preference Manifest dialog is displayed.

  2. Click Add to browse for the preference manifest file that you want to load.
  3. Click Load Defaults to reset the list to the default set of preference manifests.
  4. Click Remove to remove the selected preference manifests.
  5. Click OK to save changes and close the Add/Remove Preference Manifest dialog.

    The Preference Manifest view is updated to reflect the changes.

Certificate Autoenrollment

Certificate Autoenrollment is a feature of Authentication Services 4.1 based on Microsoft Open Specifications. Certificate Autoenrollment allows Mac OS X/macOS® clients to take advantage of existing Microsoft infrastructure to automatically enroll for and install certificates. Certificate policy controls which certificates are enrolled and what properties those certificates will have.

With Certificate Autoenrollment, a public/private key pair is automatically generated according to certificate template parameters defined in Group Policy. The public key is sent to the Certification Authority (CA) and the CA responds with a new certificate corresponding to the public key which is installed along with the private key into the appropriate system or user keychain on the Mac client.

You can use Group Policy to automatically configure which certificate enrollment policy servers to use for Certificate Autoenrollment and to periodically run Certificate Autoenrollment.

This section explains the system requirements for Certificate Autoenrollment and walks you through policy setup as well as client-side usage and troubleshooting.

Related Documents