Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

Window tab

The Window tab settings of the Login Properties control the appearance of the login window such as the heading, message, which users are listed if the "List of users" is specified, and the ability to restart or shut down. Window tab settings supports the following management modes: Never, Once, Always.

The following options are supported:

  • Heading

    Select an item to display at the top of the login window.

  • Message

    Enter a message to display in the login Window.

  • Style

    Set the following options to modify the login window style:

    • Name and password text fields

      To only display the user name and password text boxes.

    • List of users able to use these computers

      To display a graphical list of users that are allowed to log in.

      Note: Users can click the account to use for log in and will be prompted for a password. You can set additional options to control which users are displayed in the list.

    • Show Other

      To allow users to log in using the name and password text fields.

    • Show Restart

      To display the restart button in the login window.

    • Show Shut Down

      To display the shut down button in the login window.

Options tab

The Options tab of the Login Properties controls miscellaneous login-related options and support the following Manage Modes: Never, Always.

The following options are supported:

  • Show password hint when needed and available

    All Authentication Services users always have a password hint of "Active Directory Domain Password" by default. This hint is configurable in the Authentication Services configuration policy. Users are never allowed to set a password hint on a Authentication Services account. Local or non- Authentication Services accounts may have a password hint which was intentionally set by the user to remind them of their password.

  • Enable automatic login

    Select to configure the operating system to boot directly to the desktop without presenting the user with a login screen. The operating system boots using the automatic login account configured locally under System Preferences, Accounts.

  • Enable console login

    By default users can type >console at the login window to drop to a terminal login. This setting allows you to disable the ability to drop to a terminal login.

  • Enable Fast User Switching

    Select to display the logged in user's name in the right-hand corner of the desktop. Selecting on the user name allows the user to switch to another account without logging out of their current desktop session.

  • Log out users after X minutes of inactivity

    Select to automatically log out a user if he has been inactive for the specified number of minutes.

  • Local administrators may refresh or disable management

    Select to allow administrators to disable or refresh login window management settings.

  • Set computer name to computer record name

    This setting affects the computer’s Bonjour name. The new Bonjour name is name-#.local where name is the computer record name you specify and # uniquely identifies the computer if there are several computers with the same Bonjour name.

  • Enable external accounts

    Select to store external accounts on removable storage devices such as a thumb-drive. You must insert the removable device before an external account can log in.

  • Enable guest account

    Select to enable a guest account to log in without a password. When the guest user logs out, the home directory, documents and settings are removed from the system.

  • Start screen saver after X minutes

    Select to modify your screen saver setting.

Access tab

The Access tab settings of the Login Properties control which users are allowed to log in and support the following management modes: Never, Always.

Authentication Services provides unified access control across all supported Unix platforms including Mac OS X. Because of this, you should use the Authentication Services access control policies to manage access control. The access control policies are found in the Access Control node in the Quest Software folder under Unix Settings.

The following option is supported:

  • Local-only users may login

    Select to allow local users to log in; leave this option deselected to only allow Active Directory users to log in.

Scripts tab

The Scripts tab settings of the Login Properties control scripts that run at login and logout; and, support the following management modes: Never, Always.

You can specify shell scripts that you want to execute when a user logs in or out on Mac OS X. Scripts are stored in the policy settings so you can browse to local files or remote hosts to select the script to use. Scripts configured through Group Policy run as root with the trust value of FullTrust.

Note: Test scripts thoroughly before deploying them with Group Policy.

The following options are supported:

  • Login script

    Specify the script to execute when the user logs in.

  • Also execute the client computer's LoginHook script

    Select to allow the LoginHook script to execute. The LoginHook script is a locally configured script that runs at login.

  • Log-Out script

    Specify the script to execute when the user logs out.

  • Also execute the client computer's LogoutHook script

    Select to allow the LogoutHook script to execute. The LogoutHook script is a locally configured script that runs at log-out.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating