The Centrify Apple Guys

DirectControl 5.0.1 is the first release on the Macintosh platform that provides support for Next Generation Zones.

Here are some highlights on new functionality in this release:

Support for OS X 10.7.

This includes support for Apple's FileVault full disk encryption and Microsoft's Distributed File System (DFS) capabilities.

More details on our Filevault support are here : 

DirectControl for Mac OS X Filevault Configuration

More details on our DFS support are here : 

Centrify Support for DFS in OS X 10.7 (Lion)

Automated Certificate Enrollment.

Centrify enabled machines can now automatically detect if a Windows Group Policy requires machine certificates to be present. The Mac will then automatically request, download and install a machine certificate into the OS X keychain and make it available for services such as 802.1x and VPN.

When the certificates reach their expiration lifetime, DirectControl will automatically request a new certificate and update the certificate in keychain.

• 802.1X configuration management is provided by Apple's Profile Manager in Lion 10.7
• 802.1X configuration support for 10.6 is provided as a Centrify group policy.

Improved support for Printer Management on the Mac.

Customers now have the ability to assign users to the _lpadmin and _lpoperator printer groups on the local mac. This will allow users to stop and restart the print queue and create their own printer definition files if required.

Simplified configuration for automatically mounted fileservers and home directories.

• A new Group Policy allows you to specify the file servers you would like mounted on the desktop at login time.
• A new policy to mount the user's network home directory on the desktop

Smartcard support.

• Centrify now provides full smart card support for 10.6 and 10.7 for all CAC, CACNG, and PIV cards. This includes the Oberthur ID One 128 v 5.5 Dual Smart Card.
• Note: Support for smart card authentication on 10.7 is provided, however, the user is required to enter their smart card UPN in addition to their PIN. This is remedied by selecting “other” and then present the Smartcard’s UPN through the username and password field (the password field will take the place of the PIN edit field).  If the user presents the correct information in the “other” login window, the user can login using a Smartcard.  The only way to get the UPN or “NT Principal Name” is to query the card and review the certificates for that user. See example below.
• Update Mar 1 2012. The comment above only applies to versions 10.7-10.7.2. This smart card behavior was improved in 10.7.3, and there's a new note that explains the difference: http://community.centrify.com/t5/The-Centrify-Apple-Guy/OS-X-10-7-3-and-Smart-Card-Support/ba-p/3660