Jan 23, 2018 - Group Policy Objects (GPOs) are some of the most valuable functions of the Microsoft® Active Directory® (AD) platform. The trouble is that GPOs only work for Windows® systems. This cloud-based directory can provide GPO-like capabilities, but for cross-platform system environments (e.g., Windows, Mac, Linux).
Question: Whenever a major new version of macOS is released, it is necessary to update the Centrify agent first, before the OS itself is updated. If the OS is updated before the agent, it can lead to an environment where the agent version is no longer compatible with the OS, potentially blocking AD users from being able to log in to the machine again. This can be fixed by logging into the Mac with a local administrator account and manually updating the Centrify agent. Is there a way to prevent users from updating their OS before IT can determine version compatibility?
Answer: macOS updates are applied using a Mac executable called 'InstallAssistant'. As with any app on the system, if the CFBundleIdentifier string of the executable can be retrieved, the app can be blocked from executing via the Centrify Application Access Group Policies.

Notes: For more information on locating CFBundleIdentifiers, see the following KB:

To block users from updating macOS to High Sierra, Sierra or El Capitan releases, use the below steps.

If High Sierra has already been installed over an incompatible version of the Centrify agent and login is failing, please see (Centrify login required).
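One way to retrieve the CFBundleIdentifier the answer above refers to, as an added example that is not part of the original KB or Centrify's own tooling: it reads each bundle's Contents/Info.plist and reports the identifier of any app whose CFBundleExecutable is 'InstallAssistant'. That the installer bundle declares this executable name in CFBundleExecutable is an assumption, and the function names and sample bundles are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def read_bundle_info(app_dir):
    """Return the Info.plist dict of an .app bundle, or None if unreadable."""
    try:
        with open(Path(app_dir) / "Contents" / "Info.plist", "rb") as fh:
            info = plistlib.load(fh)  # accepts both XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None  # missing, truncated or malformed Info.plist
    return info if isinstance(info, dict) else None


def find_bundle_ids(apps_root, executable="InstallAssistant"):
    """Map bundle name -> CFBundleIdentifier for apps whose main executable matches."""
    found = {}
    for app_dir in sorted(Path(apps_root).glob("*.app")):
        info = read_bundle_info(app_dir)
        if info is None or info.get("CFBundleExecutable") != executable:
            continue
        bundle_id = info.get("CFBundleIdentifier")
        if isinstance(bundle_id, str) and bundle_id:
            found[app_dir.name] = bundle_id
    return found


def build_sample_tree(root):
    """Constructed test bundles; the names and identifiers are placeholders."""
    samples = {
        "Install Sample OS.app": ("InstallAssistant", "com.example.installer.sample", plistlib.FMT_BINARY),
        "Notes Sample.app": ("Notes", "com.example.notes", plistlib.FMT_XML),
    }
    for name, (exe, bundle_id, fmt) in samples.items():
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump({"CFBundleExecutable": exe, "CFBundleIdentifier": bundle_id}, fh, fmt=fmt)
    broken = Path(root) / "Broken.app" / "Contents"
    broken.mkdir(parents=True)
    (broken / "Info.plist").write_bytes(b"not a plist")  # must be skipped, not crash


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_bundle_ids(root)


if __name__ == "__main__":
    # On a Mac, call find_bundle_ids("/Applications") instead of the sample tree.
    print(demo())
```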
Every Group Policy Object includes several default Windows-based group policy categories and default Windows-based administrative templates for user and computer configuration. Most of the settings in the default Windows policies and administrative templates only apply to Windows computers and Windows user accounts. However, some of the common Windows configuration settings for password enforcement, such as the policies for minimum password length and complexity, do apply to Mac computers.
If these settings are enabled for a Group Policy Object applied to a site, domain, or OU that includes Mac OS X computers, the settings are enforced for Mac users and computers.