How to configure Mac OS X Server

Similar documents
Virtual Office Remote Installation Guide

Optional Mainserver Setup Instructions for OS X Support

Mac OS VPN Set Up Guide

APNS Certificate generating and installation

Wazza s QuickStart 10. Leopard Server - Managing Preferences

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Wazza s QuickStart 1. Leopard Server - Install & Configure DNS

Phone: Fax: Box: 230

Enterprise Apple Xserve Wiki and Blog using Active Directory. Table Of Contents. Prerequisites 1. Introduction 1

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Check current version of Remote Desktop Connection for Mac.. Page 2. Remove Old Version Remote Desktop Connection..Page 8

Working Together - Your Apple Mac and Microsoft Windows

Mac OS X Secure Wireless Setup Guide

Configuring the Active Directory Plug-in

MAPPING THE WEBDRIVE REFERENCE GUIDE

Using Remote Web Workplace Version 1.01

IMAP and SMTP Setup in Clients

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices

Download and Install the Citrix Receiver for Mac/Linux

Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4

How to install and use the File Sharing Outlook Plugin

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Initial Setup of Microsoft Outlook 2011 with IMAP for OS X Lion

Other documents in this series are available at: servernotes.wazmac.com

Daylite Server Admin Guide (Dec 09, 2011)

SSL VPN Setup for Windows

Sophos Mobile Control SaaS startup guide. Product version: 6

Apple Mac VPN Service Setting up Remote Desktop

EMR Link Server Interface Installation

Cox Business Premium Online Backup USER'S GUIDE. Cox Business VERSION 1.0

Cloud Server powered by Mac OS X. Getting Started Guide. Cloud Server. powered by Mac OS X. AKJZNAzsqknsxxkjnsjx Getting Started Guide Page 1

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

The safer, easier way to help you pass any IT exams. Exam : 9L OS X Server Essentials 10.8 Exam. Title : Version : Demo 1 / 6

Remote Desktop Solution, (RDS), replacing CITRIX Home Access

How To Install A Cisco Vpn Client V4.9.9 On A Mac Or Ipad (For A University)

Preparing for GO!Enterprise MDM On-Demand Service

How To Set Up Dataprotect

How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365

1. Open the Account Settings window by clicking on Account Settings from the Entourage menu.

Eduroam wireless network Apple Mac OSX 10.5

Remote Access Enhancements

owncloud Configuration and Usage Guide

Snow Inventory. Installing and Evaluating

Getting Started With. Mac OS X Server. Includes installation and setup information for Mac OS X Server version 10.2

How To Sync Google Drive On A Mac Computer With A Gmail Account On A Gcd (For A Student) On A Pc Or Mac Or Mac (For An Older Person) On An Ipad Or Ipad (For Older People) On

Advanced Configuration Steps

TIPS FOR USING OS X 10.8 MOUNTAIN LION

Migration User Guides: The Console Application Setup Guide

VIRTUAL SOFTWARE LIBRARY REFERENCE GUIDE

How to Install a Network-Licensed Version of IBM SPSS Statistics 19

VPN Web Portal Usage Guide

Setting Up and Accessing VPN

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Sophos Mobile Control User guide for Apple ios. Product version: 4

Office of Information Technology Connecting to Microsoft Exchange User Guide

Hallpass Instructions for Connecting to Mac with a Mac

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Installing Logos SSL Certificates on Mobile Devices

Application Note 8: TrendView Recorders DCOM Settings and Firewall Plus DCOM Settings for Trendview Historian Server

MDM User Guide June 2012

AVG Business SSO Partner Getting Started Guide

Virtual Private Network (VPN)

Integrating Mac OS X 10.6 with Active Directory. 1 April 2010

Active Directory Integration for Greentree

DECS DER APPLE WIRELESS HELPER DOCUMENT

OneDrive for Business User Guide

Wazza s QuickStart 17. Leopard Server - Blogs & Wikis

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client

Booth Gmail Configuration

RMS Cloud - Setup Instructions for Windows Computers

FileCruiser. Desktop Agent Guide

OneDrive for Business User Guide

Mobile Iron User Guide

GoldKey Software. User s Manual. Revision WideBand Corporation Copyright WideBand Corporation. All Rights Reserved.

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Business mail 1 MS OUTLOOK CONFIGURATION... 2

Installing and Configuring Remote Desktop Connection Client for Mac

Phone: Fax: Box: 230

Skype for Business. User Guide. Contents

Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services

ATTENTION: End users should take note that Main Line Health has not verified within a Citrix

HDA Integration Guide. Help Desk Authority 9.0

Remote Access VPN SSL VPN Access via Internet Explorer

How to use SURA in three simple steps:

Manufacturing Representative SSL VDM Login User s Guide

CHARTER BUSINESS custom hosting faqs 2010 INTERNET. Q. How do I access my ? Q. How do I change or reset a password for an account?

Table of Contents. Oxygen Web Client Uploading my files Versioning my files Deleting my files... 36

Sophos Mobile Control Startup guide. Product version: 3

Kaspersky Lab Mobile Device Management Deployment Guide

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

SSL VPN Support Guide

Global VPN Client Getting Started Guide

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

Before You Begin: NOTE: Please read each step of these instructions carefully as not all steps include accompanying pictures.

EM L05 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices

CONNECT-TO-CHOP USER GUIDE

How to generate an APNs Certificate to use the Apple MDM protocol via the portal

Transcription:

How to configure Mac OS X Server By Rob Buckley In the previous article in this series, we showed you how to secure a Mac using the functions built into its operating system, OS X. See photo story here Read full article here These functions range from simple password protection and patch management through to full-disk encryption. However, these are not the only security functions available. Indeed, OS X has a whole security and management infrastructure available for administrators called Managed Preferences, which can be managed most easily using OS X Server. Capable of running on any Mac that can run OS X 10.8, it is priced at 13.99 for unlimited client connections, so easily affordable. Apple also sells a customised Mac mini desktop computer with improved storage capabilities, which comes with OS X Server installed for small and medium-sized companies, as well as workgroups, which want a dedicated machine. In this article, we ll show you just a couple of the security features of OS X Server: global password policies and data loss prevention.

Configuring Mac OS X Server for the first time Once you have installed OS X Server, you will need to configure it. All management of services is conducted using the Server application that has been installed into your Applications folder. The Server application can manage not just the server you have just installed, but also any other Mac that you can access on the network, so can be installed on an administration machine, for example, so that you don t have to physically access the server. When you launch Server, you will be walked through some of the basic steps for configuration, using the set-up assistant.

1) If you re planning to set up or manage another server on the network, click on Other Server; otherwise, click on Continue.

2) Enter a name for the computer that Mac users will see on the network if they try to connect to the server for service. Then enter a Host Name this should be a host name (for example, server.computerweekly.co.uk), a Bonjour name for local users (for example, server.local) or, if you are planning on allowing access to the server only via a VPN (OS X Server has a built-in VPN server), a name ending in.private. Types of user account User accounts on standalone Macs have so far been split between ordinary accounts and administrator accounts. However, Macs can also access network accounts held in directories, such as Active Directory, as well as OS X Server s Open Directory, an LDAP-based directory of accounts, which can be securely accessed over a network by both client and server Macs.

Setting up Open Directory 1) Click on Open Directory in the Server application, then slide the off/on switch to on.

2) Click on Create a new Open Directory domain, then click on Next.

3) You will now have to create a new user to administer Open Directory. The default is Directory Administrator of diradmin for short but you should choose another name and short account name to be more secure.

4) You should then enter your organisation name and a contact email address.

5) OS X Server will now start up Open Directory and create the new administrator account. This will take a few minutes, so if you are worried the process is taking too long, open up the Terminal application in your Utilities folder and use tail -f /Library/Logs/slapconfig.log to get a running update on how far along the process is and whether it is having problems.

6) To be secure, all configuration information sent to client devices will be encrypted using SSL. You can create or install SSL certificates using the Server application s Certificates function

but you can also use a self-signed certificate created by OS X Server to encrypt traffic. This will not automatically be trusted by devices until it is installed on them as well, so for a full deployment, the extra effort of getting a certificate signed by a trusted authority is worth it.

7) The server can send you push notifications warning you of problems. These will be sent to whatever Apple ID you enter in the next dialogue. 8) The server is now set up.

Setting up a global password policy Now that you have Open Directory running, it is a good idea to set up a global password policy for users. 1) Click on Open Directory in the sidebar of the Server application. 2) Select your server then click on the cog icon and select Edit Global Password Policy.

3) From the options available, select as many as are needed to comply with your corporate password policy. The more complex, the harder the password will be to crack, so an eight-character minimum with numeric and other characters is recommended. 4) Click on OK.

Creating a network user Any new user you create on the server using the Server application will now be a network user. 1) To create a new user, click on Users in the sidebar, then the + button at the bottom of the Users window. 2) Enter a full name. The application will then create an account name based on that full name, which you can change if you want.

3) Enter a password and verify it. The key icon next to the password field is a strong password generator, so use this to create a random password for the user. If it fails to meet the global password policy, you will receive a warning and have a chance to change it. 4) When you have finished, click on Done.

Managing preferences Although OS X Server s Profile Manager application offers device management capabilities for both Macs and ios devices, it uses a different system that is not supported by older Macs. Instead, to lock down settings for Macs, use the more advanced Workgroup Manager tool available for free here. Download and install this as you would any other Mac app, then log in using the ID and password you created in step 3 above.

1) Make sure that the bar at the top of the window says you are authenticated to the LDAPv3 server, rather than the local node.

2) Now click on Preferences in the toolbar. To manage a preference of any user or users, click on their user accounts in the sidebar then select the preference you want to manage.

3) If you want to manage the preferences of everyone, click on the group icon above the list of names and select Workgroup.

4) To manage the ability of users to burn CDs and access disks, click on Media Access. You can then remove access to various types of disks, make them read-only and/or require authentication to access them. Click Apply Now and then Done to save your changes.

5) You can stop users being able to add or access printers or force a footer to be added to any documents using the Printing tab.

6) Using the Applications tab, you can restrict users to being able to use only specific applications or applications in specific folders. You can also stop applications in specific folders from launching and OS X Dashboard widgets can also be blocked from running.

7) Individual system preferences panes can be removed from the System Preferences application, using the System Preferences icon. Remove the ones you don t think users should be able to access, such as the Parental Controls, Sharing and Security & Privacy.

Binding clients With the server configured, you can now configure client Macs to access the server when they log in. 1) On each client Mac, go to System Preferences and select Users & Groups. 2) After authenticating, click on Login Options and then click on Join next to Network Account Server.

3) In the sheet that opens, enter the server address or select it from the pull-down menu if it s on the local subnet. 4) Click OK.

5) If you don t have trusted SSL certificates installed on the server, the Mac will ask if you want to trust the server s self-signed certificates. Click Trust.

6) If you want to have the client Mac authenticate its binding, enter the directory administrator ID and password. You can leave these blank, since it s less network overhead, but this will increase the chances of a man-in-the-middle attack.

7) Click OK. There should now be a green light next to the Network Account Server and the server name. Anyone now logging onto the Mac with the existing local accounts on the client Macs will not be subject to any configuration directives you have set up in Profile Manager, since the Mac will look to the local account first, the network account second. Therefore, if you have an existing estate of Macs, you should set up separate network accounts for all your users using OS X Server, and then migrate the local data to the new accounts, before deleting the old local accounts. Next steps Locking down settings and applications is just the beginning of integrating Mac security with the rest of your security estate using OS X Server. From here, you can look to integrating Open Directory with Active Directory, enrolling devices into Profile Manager for remote wiping, more advanced configuration, creating and deploying VPN and Wi-Fi configuration files, and many more advanced features.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information