Group policies and system preferences

Windows administrators who have Mac OS X computers in their organization often want to manage settings for all of their computers and users using a standard set of tools. In a Windows environment, the standard method for managing computer and user configuration settings is through group policies applied to the appropriate site, domain, or organizational unit (OU) for computer and user accounts.

The Centrify administrative template for Mac OS X (centrify_mac_settings.xml or centrify_mac_settings.admx) provides group policies that can be applied to control the behavior of Mac OS X computers running supported versions of the Mac OS X operating system, and the configuration settings for the users who log on to those computers. By adding the administrative template for Mac OS X to a Group Policy Object, Windows administrators can access and set native Mac OS X system preferences.

This chapter provides an overview of the group policies you can enable under Mac OS X Settings if you add the administrative template. These group policies control the following types of Mac OS X system preferences:

  • Accounts
  • Appearance
  • Desktop & Screen Saver
  • Dock
  • Saver
  • Security
  • Sharing
  • Software Update

When you Enable a group policy in a Windows Group Policy Object, you effectively set a corresponding system preference on the local Mac OS X computer where the group policy is applied.

For example, if you enable the group policy Computer Configuration > Policies > Centrify Settings > Mac OS X Settings > Security & Privacy > Require password to unlock each secure system preference, it is the same as opening the Security & Privacy system preference on a local Mac OS X computer, clicking Advanced, and setting the Require an administrator password to access locked preferences option.

On the local Mac OS X computer, the corresponding option is checked:

Note:   Not all group policies apply to all versions of the Mac OS X operating environment or all Mac computer models. If a particular system preference doesn’t exist, isn’t applicable, or is implemented differently on some computers, the group policy setting may be ignored or overridden by a local setting. Use the information in this chapter as a general guideline to group policies for Mac OS X. Refer to Administrator’s Guide for Mac for detailed group-policy information for all Mac OS X versions.

Once the administrative template for setting Mac OS X group policies is installed as described below, the Windows administrator can use Group Policy Management and Group Policy Management Editor to define, link, and enforce these policies on Mac OS X computers that are joined to an Active Directory domain.

For more information about using Active Directory Users and Computers or Group Policy Management to create and link Group Policy Objects to sites, domains, or OUs, see Adding Centrify settings to Group Policies Objects. You can also refer to that section for more information about how to add administrative templates to a Group Policy Object.