We have about 150 Mac users under Centrify 5.1 AD and often we need to migrate a user to a new MBP. This is in the event the user receives a new Mac or their machine needs to be repaired.
We would like to streamline our current process to reduce the time to perform the migration between two Macs. Currently these are the steps we take for the migration.
1. Reset user's password in AD.
2. Log in as local admin and unlink network user account in Centrify System Preferences Account Migration Tool.
3. Unbind Mac from AD using the Centrify AD Join Assistant app. Restart Mac.
3. Log in as local admin and create a new local account with the user's account name/pass. Mac System Preferences then asks if the new account should be merged with existing account, click Yes.
4. New local account is created, this can take some time depending on amount of data.
5. Reboot Mac in target disk mode.
6. User Migration Utility on new Mac to transfer user's account. If the user's account is not converted to a local account, the Migration utility will not copy the account over to the new Mac.
7. After migration is completed, bind new Mac to AD with the Centrify AD Join Assistant app.
8. Restart and log in as network or local admin. Use the Centrify System Preferences Account Migration Tool to add the local account to AD.
9. Log in as the user to confirm the account migration was successful.
10. Have user reset password and log off (all of this while Mac is connected to ethernet cable).
11. User logs back in and then has to update keychain, Outlook and Wifi passwords with new AD pass.
We would like to reduce the number of steps as it involves Centrify with having to "break" the AD connection and reset passwords.
Any suggestions or links to support material to assist are appreciated.
Centrify has a Privilege Management solution for UNIX and Linux where we can grant specific users on specific computers elevated privileges to perform specific functions such as being a web or database admin.
We'd like to know if anyone has the need to grant specific rights to their end users, maybe on the machine that you've assigned to them or on a group of machines and if so, what rights you need to grant to the users.
Your input and feedback is greatly appreciated.
Been a fan of your product from the first hour I tested.
In any event, I would love to see finer management of OS X clients similar to those found when OS X Leopard server was around.
I would like to be able to control startup items, browser settings for Safari, and for that matter ALL system pref panes (if possible).
We have Mountain Lion machines joined to the AD domain, kinit and klist showed the Kerberos ticket, but we cannot have SSO for accessing the Sharepoint 2007 sites. It always prompted for a domain user name and password, and tried to save that in the local keychain store.
The Sharepoint is configured to use NTLM authentication. We tried both Safari and Firefox, same results. A Windows domain computer won't have any SSO issue.
My understanding is that Firefox and Safari by default will try to negotiate with Sharepoint, and first use Kerberos, and then fall back to NTLM for authentication.
We don't want to change Sharepoint to Kerberos, is there any other way to make SSO work? Or force browsers to send NTLM authentication? What can Centrify do?
Thanks a lot!