For the better part of my IT career I have been around Windows environments (for better or worse, your call). With Microsoft being so enterprise centered Active Directory has always been a staple in most environments large enough to need some control, and for the most part it works very well.
The comes the first Apple devices on your network, and control becomes a four letter word. Going through this experience over the past year has been challenging but I think I have finally figured out a few things that if you know before going in will help the transition that much easier. I'll keep these brief and to the point, hoping they help you out.
1. A Mac Server with Profile Management is no Group Policy for AD. It's clunky, messy, and a pain to setup
2. Control will be limited so be prepared have to limit your options.
3. Some preferences don't have all the controls that are on the client machine. So if you can only check a box and the users machine shows a check box and a timer option, you'll need to manually set the timer option before pushing out the profile. (Fail on Apple's part)
4. You will loose some hair in the process. I had to wipe our server twice and get a contract IT company to deal with Apple over the phone to setup the Trust Profile because I couldn't waste any more time on the darn thing.
Just be prepared, take your time, and test it out long before you deploy your first Apple machine and you might just make it through without going bald. It is worth it, if for nothing else than setting one option: screen timeout / password prompt. Security is worth every penny these days, and a basic feature like screen timeouts are an easy way to start.
Lessons from an IT Network Administrator to help simplify your life.
No comments:
Post a Comment