Mac management for Windows IT folks

One of IT's key roles is client management, which is all about defining or controlling many aspects of how users' computers function. This can include restricting access to specific applications or Web sites, configuring auto-update policies, securing various parts of the file system, and setting various display preferences or log-in scripts. This is all done with an eye to easing PC setup and deployment, increasing security and ensuring compliance with internal policies or legal regulations.

Most Windows administrators are familiar with client management in the form of Active Directory group policies. Group policies are incredibly flexible and can be used to define environment settings for computers, individual users or user groups. They offer a wide range of options for both restricting access to particular Windows features and applying predefined settings to Windows itself or individual applications. While not the be-all and end-all of client management options, group policies that are well planned and executed can significantly ease setup, security, and support processes for new users and computers.

[ Discover the key Mac and Apple tech trends for business users. Read InfoWorld's Enterprise Mac blog and newsletter. ]

So what happens to this nice, tidy Windows world when the hotshot sales director wants his next computer to be a MacBook Air? Although Macs are a long way from conquering the enterprise, their numbers are growing -- nearly 80 percent of businesses now have Macs in-house , according to a survey by Yankee Group Research. It's to your advantage to understand how to add them to your network safely and effectively.

The prospect of introducing Macs into a well-tuned and functioning Windows environment brings with it many questions and challenges. Will Macs be able to access network resources? Can they be joined to an Active Directory domain? What sort of deployment and management options are there for Macs?

We've got the answers to these questions, along with some tips and tools to make your Mac-Windows integration as smooth as possible.

Authentication and file/printer access

For several years, Macs have included support for accessing Windows shared files and printers through Apple's implementation of Samba. And Apple does provide an Active Directory plug-in to Mac OS X's authentication and directory services components that allows Macs to be joined to a domain and to authenticate users via their Active Directory credentials.

While Apple has improved its Active Directory plug-in since it was introduced in Mac OS X Panther in 2004, the plug-in isn't designed to offer complete access to all the facets of Active Directory available in Windows clients. It is designed to rely on LDAP, Kerberos and other supported encryption technologies to provide authentication -- which it does a generally good job of accomplishing. This is good news for organizations implementing a handful of Macs in an Active Directory environment.