[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AD Accounts as Administrators for Macs?

Subject: AD Accounts as Administrators for Macs?
From: David Rocamora <email@hidden>
Date: Fri, 21 Jul 2006 12:02:51 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden
Thread-index: Acas3x4kXPJa9BjSEdufvwANk8l1Lg==
Thread-topic: AD Accounts as Administrators for Macs?
User-agent: Microsoft-Entourage/11.2.1.051004

I¹m in a place that¹s mostly Windows and uses Active Directory for
everything. We have a magic triangle setup here with our Open Directory. We
netboot 90% of our Macs.

Up until a few months ago we had a local administrator account in our
netboot images and out locally installed Macs. When one of the helpdesk
staff needed to work on a machine they would use this shared password. This
began to cause us trouble because it became more difficult to change the
password in the netboot and on all of the local installed machines. For this
reason we migrated to using an Active Directory account. The account is
configured in Directory Access to be an administrator and I edit
/etc/sudoers to allow the account to sudo.

This is working fine but I¹ve been asked to eliminate the use of shared
accounts. I¹d like to be able to make a group of users administrators on the
Macs with sudo access without having to edit /etc/sudoers for every single
member of the group. Is there a way I can make an OD group administrators
and then nest an AD group inside of it? Is there another solution for this?

Thanks in advance.

David Rocamora Systems Administrator

This message is the property of R/GA and contains information which may be privileged or confidential. It is meant only for the intended recipients and/or their authorized agents. If you believe you have received this message in error, please notify us immediately by return e-mail or by forwarding this message to email@hidden, and destroy any printed or electronic copies of the message. Any unauthorized use, dissemination, disclosure, or copying of this message or the information contained in it, is strictly prohibited and may be unlawful. Thank you.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: AD Accounts as Administrators for Macs?
  - From: "Reese, Stevan" <email@hidden>

Prev by Date: Re: Importing Computer List
Next by Date: Re: Script problem
Previous by thread: RE: Importing Computer List
Next by thread: Re: AD Accounts as Administrators for Macs?
Index(es):
- Date
- Thread

Home