Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

Access tab

The Access tab settings of the Login Properties control which users are allowed to log in and support the following management modes: Never, Always.

Authentication Services provides unified access control across all supported Unix platforms including Mac OS X. Because of this, you should use the Authentication Services access control policies to manage access control. The access control policies are found in the Access Control node in the Quest Software folder under Unix Settings.

The following option is supported:

  • Local-only users may login

    Select to allow local users to log in; leave this option deselected to only allow Active Directory users to log in.

Scripts tab

The Scripts tab settings of the Login Properties control scripts that run at login and logout; and, support the following management modes: Never, Always.

You can specify shell scripts that you want to execute when a user logs in or out on Mac OS X. Scripts are stored in the policy settings so you can browse to local files or remote hosts to select the script to use. Scripts configured through Group Policy run as root with the trust value of FullTrust.

Note: Test scripts thoroughly before deploying them with Group Policy.

The following options are supported:

  • Login script

    Specify the script to execute when the user logs in.

  • Also execute the client computer's LoginHook script

    Select to allow the LoginHook script to execute. The LoginHook script is a locally configured script that runs at login.

  • Log-Out script

    Specify the script to execute when the user logs out.

  • Also execute the client computer's LogoutHook script

    Select to allow the LogoutHook script to execute. The LogoutHook script is a locally configured script that runs at log-out.

Items tab

The Items tab settings of the Login Properties, control items that are started automatically when a user logs in and support the following management modes: Never, Once, Always.

Note: The Items tab is only available in Users Configuration.

Refer to Add login items to run items automatically when a user logs in.

The following options are supported:

  • User may add and remove additional items

    Select to allow users to add and remove additional items by means of local configuration. You can only configure this option if the management mode is set to Always.

  • User may press Shift to keep items from opening

    Select to allow users to press shift to prevent items from opening automatically. You can only configure this option if the management mode is set to Always.

  • Merge with user's items

    Select to merge the configured items with the user's items. You can only configure this option if the management mode is set to Once.

Add login items

Note: This procedure shows you how to add an item that starts automatically from the Items tab.

To add login items

  1. Click Add to type the full path to the volume, document, folder or application. Alternatively, you can click Browse to browse for the path to the item on a remote Mac OS X system. Items open in the order they are listed.
  2. Select the Hide option and to start the item in a minimized state on the Dock. This prevents screen clutter when starting several items while still making the items easily accessible.
  3. Click Apply.
Related Documents