[ulnanVti]

Hello all, the music department where I work has got some lovely 20" imacs in. Unfortunately we havent really done much mac support in the past as we've only had three machines that were used now and then under supervision. Now we have a class of them and want them on our AD network, but want to also lock out certian bits.

If anyone has any tips, suggestions, idea or links it would be greatly appreciated!

Ta!

[escolubtessen]

You should be able to add them to the domain OK and setup user accounts. But if you want to do much more than that, I think you will need an Apple server (OS X Server).

[ulnanVti]

Ahh, I wasnt sure. Yeah, we got them talking nicely.

Is there anything you would recommend disabling? These will be used by kids from the ages of 11 to 18, so anything you think that could be potentially a pain for us to fix would be a good idea.

[DiBellaBam]

It's been a while since I have even touched a mac, but when I set up a lab for the school I worked at there was something in the User Account section (No idea how to get to it now though), that would let you control access to programs, the desktop, and other items. I had them pretty much locked down so students couldn't try to install or delete programs or get rid of the icons on the desktop.

[escolubtessen]

Ahh, I wasnt sure. Yeah, we got them talking nicely.

Is there anything you would recommend disabling? These will be used by kids from the ages of 11 to 18, so anything you think that could be potentially a pain for us to fix would be a good idea.

I would just disable the system panel, lock the dock and disable access to the utilities folder in applications.

Making sure they have read-only access to everything except the desktop and documents folder would also be good, although I think this is the default setting unless you are an admin.

[Sillaycheg]

Ahh, I wasnt sure. Yeah, we got them talking nicely.

Is there anything you would recommend disabling? These will be used by kids from the ages of 11 to 18, so anything you think that could be potentially a pain for us to fix would be a good idea.

If they run leopard the parental controls section let's you do almost anything you want as far as limiting stuff goes. But what the above posters mentioned would be good. May also want to filter internet/block who they can chat/email too. Or block iChat all together.

[SergeyLisin]

It's been a while since I have even touched a mac, but when I set up a lab for the school I worked at there was something in the User Account section (No idea how to get to it now though), that would let you control access to programs, the desktop, and other items. I had them pretty much locked down so students couldn't try to install or delete programs or get rid of the icons on the desktop.

That'll be an Organizational Unit :-

http://support.microsoft.com/kb/308194

You just create a new OU in Active Directory/Users and adjust permissions in there. Or just adjust the main group policies.

As for Mac's on AD, should be pretty straightforward :-

http://www.apple.com/itpro/articles/adintegration/

[DiBellaBam]

That'll be an Organizational Unit :-

http://support.microsoft.com/kb/308194

You just create a new OU in Active Directory/Users and adjust permissions in there. Or just adjust the main group policies.

As for Mac's on AD, should be pretty straightforward :-

http://www.apple.com/itpro/articles/adintegration/

Wasn't talking about an OU....I know what an OU is . I'm actually a network admin on a server 2003 AD environment. I was referring to the parental controls section that was mentioned above. The environment when I was working in the school with the macs was a Novell environment so I had to use parental controls to do any kind of locking down on the macs.

It was actually quite a learning experience. I got handed a mac lab that needed Tiger installed and Internet access plus security. Having had absolutely no Mac experience it was a little daunting at first, but I got it figured out eventually. Hardest part was getting the right discs from Apple. They sent me 6 or so before I got one that would allow me to install the OS.

[SergeyLisin]

Wasn't talking about an OU....I know what an OU is , thanks for the lesson though. I'm actually a network admin on a server 2003 AD environment. I was referring to the parental controls section that was mentioned above. The environment when I was working in the school with the macs was a Novell environment so I had to use parental controls to do any kind of locking down on the macs

Sorry, no problem, I didn't mean to patronize...

I shudder when I think going back to the days when Novell was more common, but there was a kind of fuzzy logic to NDS and it still has many parallels to AD, but I hated logon scripts with a passion..

[DiBellaBam]

Sorry, no problem, I didn't mean to patronize...

I shudder when I think going back to the days when Novell was more common, but there was a kind of fuzzy logic to NDS and it still has many parallels to AD, but I hated logon scripts with a passion..

I really did like Netware and NDS and am a big fan of SLES and eDirectory. Not many touch Novell's new stuff in my area though. Even "old" netware certified admins don't want to touch their new stuff because it runs on the "inferior" linux. Yes, I've actually heard that. They would rather run Netware 6.5 than SLES.

I have set up a few Groupwise servers on SLES and love that set up. I'd take that over MS Exchange any day.

[ulnanVti]

Im glad idchoppers and powerarmour had a nice little reminise about old networks!

Parental controls only work for local accounts it would seem, they have no affect on AD logins/users.

Is there a way to actually disable certian bits of hardware like bluetooth and Airport?

[SergeyLisin]

I have set up a few Groupwise servers on SLES and love that set up. I'd take that over MS Exchange any day.

I agree, and I wish I could go down that route myself, but I've too many MS apps to support at the moment on our servers, and too much reliance on exchange and terminal services unfortunately.