Centrify for Mac

Group Policy for Mac OS X

Centralized security policy enforcement with Group Policy

Centrify provides the industry's most comprehensive set of policy-based controls for configuring and securing Mac systems, whether they are managed locally on-premise or remotely via the Centrify Cloud Service.

  • Comprehensive Group Policy-based management automates computer and user configuration and policy enforcement.
  • Hybrid on-premise and cloud-based management for local and remote Macs includes Remote Lock or Wipe feature.
  • Automated certificate management provides strong authentication to wired and wireless networks.
  • Automated FileVault 2 configuration protects data at rest through full-disk encryption supporting institution recovery.
  • Comprehensive enterprise system configuration controls:
    • Services
    • Firewall
    • Internet sharing
    • Network configuration for DNS, proxies
    • Login scripts
    • Automount configuration to simplify user access to network shares
  • Robust classroom configuration and policy enforcement
    • Desktop lockdown with controls for Finder, storage media, preferences and applications
    • Network home directories on AFP, SMB or DFS shares
    • Seamless enterprise access to file servers, printers and applications

Comprehensive Group Policy-Based Management

Policy Management
Policy Management

IT administrators can use familiar Windows Group Policy tools to set a wide array of Mac security and configuration settings. On Macs enrolled in the Centrify Cloud Service, they can also push Mac profile settings to remote systems.

Group Policy enforcement of centrally defined security policies enables IT to meet compliance requirements. Group Policies are enforced using a combination of approaches to update plist files and standard config files, to enforce MCX settings and even to create profiles for local enforcement. Additionally, the Centrify Cloud Service can enforce several security policies and configure access to company resources through delivery of profiles and certificates to remote Mac and mobile devices, empowering IT to embrace "bring-your-own-device" initiatives. Centrify provides a complete set of policy and configuration settings to enable Windows-centric admin staff to manage all aspects of the Mac as well as mobile devices leveraging the processes and skills of a familiar infrastructure, Group Policy.

Detailed Mac OS X Policies

Detailed Mac OS X Policies

Computer Policies On-Premise Policy Cloud Policy
802.1x Settings for Wi-Fi, System and Login Profiles
Account control over Login Window and Local Admins
Crontab entries
Copy files
Custom settings
Energy saver
Internet sharing
Local account password settings
Remote management access controls
Run commands
Scripts for login and logout
Security and privacy for smart card and FileVault 2
Software update settings
SSH settings
Sudoer privilege settings
User Policies On-Premise Policy Cloud Policy
802.1x user profiles
Application access settings
Automount settings
Calendar configuration
Contacts configuration
Dock settings
Folder redirection
Import settings for third-party apps
LDAP configuration
Login settings
Mail configuration
Media access rights
Mobility settings
Printer configurations
Screen saver settings
Security and privacy
System preference settings
VPN configuration

Detailed Mobile Device Policies

Common Mobile Settings

  • Passcode settings for the device lock
  • Restrictions for jailbroken devices, camera and location reporting
  • Device encryption settings
  • Wi-Fi configuration

iOS Settings

  • Restrictions
  • Exchange ActiveSync configuration

iOS and OS X Settings

  • VPN configuration
  • Mail, Calendar, Contacts and LDAP settings
  • Security and Privacy settings

OS X Settings

  • Custom Settings
  • Exchange ActiveSync configuration
  • iOS and OS X Settings
  • Launch Applications at login
  • Mail, Calendar, Contacts and LDAP settings
  • Network Mounts at login
  • Restrictions for Applications, Media and Preferences
  • Security and Privacy Settings

Samsung Enterprise Settings

  • Application Management
  • Bluetooth Settings
  • Device Inventory Settings
  • Exchange ActiveSync Settings
  • Firewall Settings
  • Passcode Settings
  • Restriction Settings
  • Roaming Settings
  • Security Settings
  • VPN Settings
  • Wi-Fi Settings

Samsung KNOX Settings

  • Application Management
  • Browser Settings
  • Container Account Policy
  • Container Management Settings
  • Email Settings
  • Exchange Settings
  • Firewall Settings
  • IMAP/POP Settings
  • Passcode Settings
  • Restriction Settings
  • VPN Settings