Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.2 - macOS Administration Guide

Privileged Access Suite for Unix Installation Safeguard Authentication Services macOS components Safeguard Authentication Services client configuration Special macOS features Limitations on macOS Group Policy for macOS Certificate Autoenrollment Glossary

Time Machine tab

The Time Machine tab settings control the Time Machine application and support the following management modes: Never, Always.

Time Machine is an application that performs network backup of local machine applications and data.

The following options are supported:

  • Backup Server

    Specify the URL of the Time Machine backup server in the form: afp://someserver.company.com/Backups/. Refer to the Apple documentation for more information about AFP and Time Machine backup servers.

  • Back up

    Specify which volumes to back up. You can choose to back up Startup volume only or All local volumes.

  • Skip system files

    Select to skip system files. System files are operating system files installed when you install macOS. Selecting this option significantly reduces the amount of storage space used for backups. However, if you do not back up system files, you will need to install the operating system when performing a full restore.

  • Backup automatically

    Select this option to force automatic backups.

  • Limit total backup storage to

    Enter the backup storage limit in megabytes. If the backup limit is reached, no more data is backed up.

Wireless Profile Properties

Wireless settings allow you to configure networks and profiles used by AirPort on macOS systems. The Wireless Profile Properties settings allow you to control wireless user profiles for macOS.

To open the Wireless Profile properties page

  1. In the Group Policy Object Editor, navigate to User Configuration | Policies | Mac OS X Settings | Profile Manager Settings.

    Wireless Networks apply only to users.

  2. Double-click the Wireless Networks node.
Related Topics

Adding wireless profiles

Adding wireless profiles

The Wireless Profiles tab settings control user options associated with wireless networks.

For the AD certificate and certificates profile, you can use a certificate created by vascert to work with Network preferences. One scenario for this is for a computer to use QoS supportive adaptive polling (QAP) protocol for wirelesswireless network. For more information, see vascert command reference.

To add wireless profiles

Click the Up or Down buttons to reorder the wireless profiles. Wireless profiles are added to the user profiles list on macOS systems in the order listed in the policy.

  1. From the Wireless Networks tab, click Add to open the Wireless Profiles dialog.
  2. On the Networks tab:
    1. Enter the name of the wireless profile in the Name box.
    2. Enter the SSID of the wireless network to which this profile applies in the SSID box.
    3. Select the type of wireless network from the Security Type drop-down list.
    4. Select the authentication type options that apply to this profile from the Protocols list.
    5. Select Hidden Network to allow users to join a network whose name is not broadcast.
    6. Select Auto Join so the network is joined automatically. If unselected, the user must click the network name to join it.
  3. On the Proxy tab:

    1. Select the Proxy settings from the drop-down list. None is the default.
    2. Enter the Proxy server and port.
    3. Enter the Username (optional).
    4. Enter the Password (optional).
    5. Enter the Proxy Server URL.
    6. Select Allow direct connection if PAC is unreachable, if desired.
  4. On the Protocols tab:
    1. In the EAP-FAST section, identify the configuration of Protected Access Credentials (PAC) by selecting any combination of the following:
      • Use PAC
      • Provision PAC
      • Provision PAC Anonymously
    2. Select Allow only two RAND values with EAP-SIM, if desired.
    3. Select the TTLS authentication protocol from the drop-down list.
    4. Identify Externally visible.
    5. Select the TLS minimum version from the drop-down list.
    6. Select the TLS maximum version from the drop-down list.
  5. On the Identity and Authentication tab:
    1. Select Use two factor authentication, if you will use a second authentication.
    2. Select Authenticate with host's directory credentials, if desired. If selected, enter the Username and Password.
    3. In Identity Certificate, note that you must have vascert on the client to use certificate identity. Select any combination of check boxes, as appropriate:
      • Create a certificate identity with vascert
      • Allow all apps to access the private key
      • Allow a user to extract the private key from the keychain

Preference Manifest settings

The Preference Manifests node lists applications and settings that you can manage using preference manifests. Policy items contained in this node are specific to the Macintosh operating system. A preference manifest is a file that describes application settings and makes them manageable. Application developers create preference manifest files to make their application’s settings available for management through the Preference Manifests node.

When you install Group Policy console extensions, it creates preference manifests in sysvol at the following location:

Policies\Quest Software\Preference Manifest

In order to reduce GPO size, Preference Manifest files are stored in the GPT under the Policies\Quest Software\Preference Manifest folder. All of the Preference Manifest files found there are displayed in the Preference Manifests node. If the folder does not exist in the GPT, Preference Manifest files are loaded from the local installation directory.

Apple provides preference manifests for many built-in applications and systems. Group Policy includes preference manifests for Microsoft Office applications and other common third-party applications. You can also import custom preference manifests for policy configuration. The Safeguard Authentication Services installation process adds macOS, Workgroup Manager, and Preference Manifest Settings nodes to both the Computer Configuration and User Configuration nodes and stores all the Safeguard Authentication Services for macOS Desktop policies there.

Related Topics

Adding a preference manifest

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating