Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

Authentication Services Group Policy for Mac OS X

With Authentication Services you can manage your Mac OS X clients using Group Policy. Authentication Services includes Group Policy extensions to manage preferences just as you would with Workgroup Manager. In addition, Authentication Services supports custom policies based on Preference Manifests.

Authentication Services Group Policy includes support for Mac OS X. Using Authentication Services you can manage your Mac OS X through Group Policy. This eliminates the need to set up additional Mac OS X Servers for Mac OS X client management. Mac OS X policy settings are applied using Profile-based policies.

Profile-based policy takes advantage of the Configuration Profile infrastructure provided by Apple. Policy settings are defined in Group Policy and downloaded to Mac OS X clients where the settings are assigned to Configuraiton Profiles, which apply the settings to various configuration files on the Mac OS X.

Profile-based policy

Profile policy settings are divided into two categories: Workgroup Manager Settings and Preference Manifest Settings.

The Workgroup Manager settings are designed to look and feel like the Workgroup Manager application. If you are familiar with Workgroup Manager from Mac OS X server, it should be easy to transition to Group Policy. Settings for Applications, Classic, Dock, Energy Saver, Finder, Login, Media Access, Network, Parental Controls, Printing, Software Update, System Preferences, Time Machine and Universal Access are included. Authentication Services supports the Never, Always and Once policy application options. You can apply settings to users or computers. With standard Group Policy security filtering, you can restrict settings to specific groups of users or computers.

Authentication Services also includes support for Preference Manifest files. Preference Manifest files describe application settings you can manage centrally. Many standard Mac OS X Preference Manifest files are included by default such as iChat, Mail, Sidebar, Time Zone and iTunes. You can import additional Preference Manifest files at any time, increasing the number of applications and features that you can manage.

On the Mac OS X agent, Group Policy integrates with the Configuration Profile subsystem according to Mac OS X best practices. This ensures that policy settings are applied correctly and appropriately to each new release of Mac OS X.

Mac OS X management modes

The following management modes exist for Mac OS X policy settings:

Table 1: Mac OS X: Management modes
Mode Description
Never This mode means that the settings do not apply. This is equivalent to disabling the policy. This is the default mode.
Once In this mode, policy settings are applied one time. Users can remove the Configuration Profile. This mode functions as a default value.
Always In this mode, policy settings will always apply. Users cannot remove the Configuration Profile.

Workgroup Manager settings

Authentication Services provides Group Policy extensions that mirror the functionality available in Apple Workgroup Manager console. Workgroup Manager Settings are located in the Mac OS X Settings folder (or in the Policies folder, if you are using the new Group Policy Management Editor.)

For additional information about any of the topics covered in this section, refer to Chapter 10: Managing Preferences in the Mac OS X Server User Management manual available from Apple. Apple's User Management guide is written for Workgroup Manager, but most of the settings and information also apply to Group Policy for Mac OS X.

To open the properties of the various settings described in this section

  1. Start the Group Policy Management Editor and navigate to the Mac OS X Settings directory under either Computer Configuration or User Configuration.
  2. Double-click the Workgroup Manager Setting to open its properties.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating