Managing/Importing New Group Policy Templates
01-22-2019 11:55 AM
Summary: We have a small MacOS subset of a larger (Windows) environment. The environment has an ADCS that all machines get certificates from via group policy. A primary reason we originally purchased Centrify was to use the DC client for certificate enrollment (on the Macs; we don't have Centrify on Windows at all). We also use it for a few other policy settings but that's about it. While we've done a good job at keeping the DC client up to date on the Mac endpoints we have not imported group policy templates in quite a while. If I'm understanding things correctly there is no master ADMX template that can be loaded into SYSVOL and you're supposed to import the template into existing group policy objects. The person who originally set up GP for the Macs via Centrify broke things out into many individual GPOs, for example, we have one for "Centrify - Firewall", "Centrify - Accounts", etc.
Question: If I go to edit one of these existing policies I can right-click on "Centrify Settings" and can see the two existing XML templates being used. Would I just add the new templates to each individual GPO ("Firewall", "Accounts", etc.) one at a time? How much do I need to worry about this impacting existing settings? Or....maybe everything I've laid out is wrong and there is a different way to do this....
01-22-2019 02:33 PM
Welcome back to the community.
Part of keeping your environment up to date and to discover new features on the Mac capabilities is to update your GPO templates. When you upgrade the components in your management station, open GPMC and right click the Centrify Settings and select Add/Remove templates.
You can easily see by timestamp how outdated your templates may be
Press Add. Below are the timestamps of the 18.11 version.
Select the template in question and commit
Update on any other places the template has been used.
Note that moving forward, all Mac-related capabilities are supported by Idaptive. This answer was provided as a courtesy.
Idaptive Products (Direct Control for Mac agent and SAP Plug-Ins) are now available for download from the Idaptive Download center. For any issues or help, please contact Idaptive Support via https://support.idaptive.com/s/ or call +1-408-495-8118.