Group Policy for Mac OS X

Centrally lock down and configure Mac OS X desktops using Windows Group Policy

Having had the opportunity to work with both the existing set of Group Policies and to see a preview version of the ... expanded set, I was amazed at Centrify's success. The experience of managing Macs was exactly the same as managing Windows computers using Group Policies.

Ryan Faas, ComputerWorld

Centrify DirectControl enables IT managers to centrally secure and configure Mac systems through Windows Group Policy. Because Mac systems are used primarily as workstations, Centrify has enriched its existing DirectControl for Mac OS solution with a set of policies that have been tailored to the needs of IT managers who are responsible for the security and configuration of these systems. Using the same Windows Active Directory tools they use today for Windows systems, IT managers can set security and configuration policies for GNOME desktops without needing deep platform-specific knowledge.

Group Policy support is built into the core DirectControl for Linux product; there is no additional software to license, install or configure. See Group Policy for UNIX, Linux and Mac for a general overview of how Group Policy works on non-Windows systems.

With DirectControl you can deploy Group Policies to remote Mac systems using the native Active Directory Group Policy tools. DirectControl already comes with more out-of-the-box policies than any other solution, and DirectControl for Mac OS enriches the base set with additional workstation-related security and configuration policies.

Centrify-managed Macs can automatically detect whether a Windows Group Policy requires machine certificates to be present. The Mac then automatically requests, downloads and installs a machine certificate into the OS X keychain and makes it available to services such as 802.1X and VPN.

When a certificate reaches the end of its lifetime, DirectControl automatically requests a new certificate and updates the certificate in the keychain.

  • 802.1X configuration management is provided by Apple's Profile Manager in Lion 10.7.
  • 802.1X configuration support for 10.6 is provided as a Centrify Group Policy.

Summary of Major Computer Policies

Category Example Policies
Security
  • Require password to unlock each secure system preference
  • Disable automatic login
  • Use Secure Virtual Memory
  • Log out after n minutes of inactivity
  • Enable smart card login
  • Require smart card login
Sharing Services
  • Firewall Settings
  • Enable the firewall
  • Firewall settings (to turn the firewall on or off for each service)
  • Block UDP traffic
  • Enable firewall logging
  • Enable stealth mode
  • Services settings (to turn sharing on or off for each service)
Network
  • Adjust list of searched domains
  • Adjust list of DNS servers
  • Enable proxies (FTP, HTTP, HTTPS, etc.)
  • Configure proxies
Firewall Settings
  • Enable the firewall
  • Firewall settings (to turn the firewall on or off for each service, such as iChat)
  • Block UDP traffic
  • Enable network time
  • Enable firewall logging
  • Enable stealth mode
Internet Sharing
  • Disallow all Internet sharing
Accounts
  • Display Login Window settings
  • Show the Restart, Sleep and Shutdown buttons
  • Set the Display Banner
  • Control whether the login window shows Name and Password or a list of users
  • Control password hint display
  • Enable fast user switching
  • Map Zone admin groups to local admin groups
Energy Saver Settings
  • Configure the energy saver settings listed below for both AC power and battery power:
      • Put display to sleep if inactive
      • Put computer to sleep if inactive
      • Put the hard disk(s) to sleep when possible
      • Wake when the modem detects a ring
      • Wake for Ethernet network administrator access
      • Allow power button to sleep the computer
      • Restart automatically after a power failure
Software Update Settings
  • Automatically download and install software updates
  • Specify software update server

Summary of Major User Policies

Category Example Policies
Application Access
  • Control access to specific applications, including the Mac App Store
  • Control access to UNIX tools and utilities
Desktop & Screen Saver
  • Enforce screen saver
  • Screen saver timeout
Dock Settings
  • Dock size, magnification and position on screen
  • Animation for application opening
  • Auto hide the Dock
  • Control applications displayed in the Dock
  • Lock the Dock
Media Access Controls
  • Control access to CDs, CD-ROMs and DVDs
  • Control access to recordable disks
  • Control access to external disks (including USB Flash disks and iPods)
Mobility Sync Settings
  • Control home directory synchronization
  • Control sync at login/logout as well as background
  • Control what items will be synced and skipped
Security
  • Require password to wake this computer from sleep or screen saver
Software Updates
  • Enable automatic software updates
  • Specify the Software Update Server for all updates
System Preference Settings
  • Limit which items will be shown in the System Preferences
  • Control display of each item in System Preferences