Using local MacOS administrator accounts can lead to security and compliance issues such as unauthorized sharing of the administrator password with non-administrators or remote access by a former employee. The secure approach is to grant Active Directory users Mac administrator rights to minimize risk and meet regulatory compliance. This article will show you how to grant Mac administrator rights to Active Directory users through Centrify's Active Directory group policy settings.
1. In Group Policy Management, create a GPO and enable: Computer Settings > Policies > Centrify Settings > Mac OS X Settings > Accounts > Map zone groups to local admin group
a) Click on the Add... button. A new window will appear.
b) Click on the Browse button. A new window will appear. You can enter manually enter a group name in this window but it is better to browse and select the group to ensure the proper group name is entered.
c) Enter a keyword into the Name field for the Active Directory group that you want to add, then click on Find Now. Make sure you add IT/helpdesk team and any user that needs admin rights on the Mac.
d) Select the desired group name and click OK.
The setting will apply when the user logs out and logs back in.
If your Mac is using Zone mode, use the following article: https://centrify.force.com/support/Article/KB-3049-How-to-use-the-Map-zone-groups-to-local-admin-gro...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.