Application Management Control For Mac
I'm looking for recommendations on how to manage a fleet of Mac computers. They're a mix of MacBooks and Mac Pro's running 10.11.
I would like to have the same type of functionality that AD provides for Windows.push out policies, profiles, ect. In particular, the thing that prompted this question was the deployment of a new wireless configuration. I've seen mention of the Casper suite, but I'm not convinced that's what I need in this instance. I'm not looking for the ability to image or push out applications. Any thoughts are appreciated. Edited Jan 7, 2016 at 20:30 UTC.
Implement least privilege through application control using the most advanced privilege management and application control software, all in a single tool. Trustwave’s Managed Application Control (MAC) solution is the industry’s most comprehensive endpoint whitelisting solution available, combining a trust-based and policy-driven approach to application control with real-time threat intelligence. Home > Project Management Software > Project Management Software For Mac Finding software can be overwhelming. We've helped hundreds of dedicated Apple users choose the right PM software so they can manage their projects from a Mac computer and automate tasks.
Carl Holzhauer wrote: I'm looking for recommendations on how to manage a fleet of Mac computers. They're a mix of MacBooks and Mac Pro's running 10.11. I would like to have the same type of functionality that AD provides for Windows.push out policies, profiles, ect.
In particular, the thing that prompted this question was the deployment of a new wireless configuration. I've seen mention of the Casper suite, but I'm not convinced that's what I need in this instance. I'm not looking for the ability to image or push out applications. Any thoughts are appreciated. Your question is a common one, although most typically lost amidst some other post here in the Apple area.
The (very) roughly analogous equivalent to GPO for Macs is the built-in ability once managed through MCX and now Profiles. You can purchase OS X Server & set it up in a VM (on a Mac, as Apple requires) or a dedicated Mini in order to create Profiles, but for real-world use many prefer not to use Profile Manager - some alternatives are Meraki MDM (free), Simple MDM and Bushel.com for Apple-only management.
You can also accomplish a great deal (and many do) via Apple's Remote Desktop Casper isn't cross-platform (Apple/OS X-only) but considered by most to be best-in-breed for managing OS X. Other commercial options that are cross-platform include Filewave and Absolute Manage Some use Microsoft SCCM (with many caveats, including that it's not yet compatible with 10.11at least anecdotally) I have worked with KACE in the past but at that time their documentation for Mac was actually from their end-user forums, incomplete and even incorrect. Open-source or free/donationware software best options are Munki, Reposado, DeployStudio and many others (requiring scripting knowledge and/or more advanced knowledge of OS X internals in order to implement). Edited Jan 7, 2016 at 20:38 UTC. Absolute Manage was terrible when it was LanRev.
I don't know if it was our deployment or them, but the software was not designed well and barely worked. If you want to try Absolute, test it completely and run it through the ringer before committing to it.
I will agree that Casper is at the top of the list, I've used it and like it very much, this software comes highly recommended in my IT department as it can cover hundreds of Macs easily and quickly with policies and regular software updates. Apple Remote desktop is a very useful tool in deploying/remote management/keeping Macs in-order. Another management tool to add to the list: Parallels Mac Management.
7Tigers wrote: Absolute Manage was terrible when it was LanRev. I don't know if it was our deployment or them, but the software was not designed well and barely worked.
If you want to try Absolute, test it completely and run it through the ringer before committing to it.When I was evaluating them in 2012 their support suggested what amounted to compromising Active Directory Certificate Services (exporting the CA's private key, importing it into Absolute) to resolve an issue with network 802.1x authentication. Really not cool if down the road I left the company and my successor didn't know enough about ADCS. Absolute has one or two 'Mac experts' in their support staff. While knowledgeable and helpful, Mac support didn't seem to be a priority as my requests always went to the same people who took a few days to get back to me. When JAMF Casper Suite had a similar bug, JAMF support was aware of it and had a fix going through QA testing. They happily extended our evaluation period for a couple weeks so we could finish our evaluation with the fixed version of Casper Suite.
Everyone I ever worked with in JAMF support knew Macs and iOS devices, knew the JAMF product, and could get the issue solved. I've also evaluated Thursby Software's ADmitMac. Setting up your policies in Group Policy and having the ADmitMac client translate the into OS X policies on the Mac is great in theory, but in practice every OS X point release would leave the solution broken, not authenticating to Active Directory, and not pulling down policy updates. So you still need some sort of configuration management solution to verify things are working and fix them if not.
Every other solution seems to solve part of the solution. JAMF Casper Suite hits it all: OS imaging, application deployment, policy management, configuration management, and to some extent OS updates (OS updates can be deployed as software packages based on inventory information, automated update management is coming soon.). I am going through a deployment with Addigy right now, and having very mixed results. At first seemed wonderful, but after being on the product for 2 months, it just plain isn't working. I mark updates to apply to my machines, the update window rolls around, and they don't apply. The public software that they are able to push, Adobe, Firefox, etc.
Are configured to reinstall every 30 minutes when a policy applies, which is causing performance issues on my machines. I have enabled option on all my Macs to disable prompting of automatic updates for MS Office 2016, yet they are still getting prompted I just recently found out.
Things just keep stacking up and not seeing results. On top of that, any requests for help seem to be delayed because they indicate they are short-staffed or 'very busy'.I understand quick growth can be hard to adjust to, but at some point you have to increase resources or do something to fix the issues in the product that are adversely affecting your customers. There is little transparency on what releases are being sent out with the product to even know if any of the bugs I am facing have been fixed. At this point we will likely be cancelling the service unless some of these mission critical issues can be resolved soon.
Dhumes wrote: I am going through a deployment with Addigy right now, and having very mixed results. At first seemed wonderful, but after being on the product for 2 months, it just plain isn't working.
I mark updates to apply to my machines, the update window rolls around, and they don't apply. The public software that they are able to push, Adobe, Firefox, etc. Are configured to reinstall every 30 minutes when a policy applies, which is causing performance issues on my machines. I have enabled option on all my Macs to disable prompting of automatic updates for MS Office 2016, yet they are still getting prompted I just recently found out.
Things just keep stacking up and not seeing results. On top of that, any requests for help seem to be delayed because they indicate they are short-staffed or 'very busy'.I understand quick growth can be hard to adjust to, but at some point you have to increase resources or do something to fix the issues in the product that are adversely affecting your customers. There is little transparency on what releases are being sent out with the product to even know if any of the bugs I am facing have been fixed. At this point we will likely be cancelling the service unless some of these mission critical issues can be resolved soon.Have a look at Solarwinds MSP (for Mac & PC), there's a very active channel for it at the MacAdmins slack - Thing about that is, I got in when Munki was still available (with a product called 'Gruntworks') which was acquired by Logicnow then they were acquired by Solarwinds.
BUT the original (or one of the main original) Gruntworks devs is working with Solarwinds and - for example - many new features are in the works. Absent Munki for patching for Macs, it'd be a lot less useful to me. Supposedly you can ask your rep to have it enabled they just don't support it as of yet (but you can get help in the Slack channel). I don't use their built-in screensharing (use Splashtop instead), that's one main thing needing improvement right now in Solarwinds MSP, but there is active development going on currently (see the MacAdmins Slack channel for same). Edited Aug 15, 2017 at 14:36 UTC. I am glad I found this thread.
I have just inherited the MAC management role at my office and the previous guy was looking into Centrify. I have had several email correspondences with our centrify rep and he always seemed to busy to answer my questions. I tried to schedule a call with him over a month ago and he suggested something for the following week. The next week, I could not get any responses. I have trashed the idea of centrify based off of this terrible experience and I would NOT recommend it to anyone. Additionally, since we started our trial, they sales person we were working with has left the company, then the guy who replaced him has also left. So, I see the revolving door as a sign to STAY AWAY.
I have since purchased Mac Server and setup a mini to manage the macs. I have bound the machines to the domain so we can filter the outside connections via Bradford. I must say, personally, I do not like the mac server option at all. I guess it works for us (less than 10 machines) but I know there has got to be a better way.
I will now look into some of the suggestions listed above to see if I can achieve 'total lock down' of these machines on our network.
Apple Remote Desktop is the best way to manage the Mac computers on your network. Distribute software, provide real-time online help to end-users, create detailed software and hardware reports, and automate routine management tasks — all from your own Mac. Software Distribution -Easily copy and install software on remote Mac systems.Encrypt network data when copying packages and files.Configure a Task Server to assist with package installations on offline computers. Remote Assistance -Observe and control your Mac computers.Transfer files between Mac computers using Drag and Drop.Copy and paste information between any two computers.Prevent end-users from viewing the screen while you control their systems with Curtain Mode.Control Virtual Network Computing (VNC)–enabled computers including Windows, Linux and UNIX systems. Remote Administration -Perform over a dozen commands securely on remote Mac systems.Remotely lock screens, sleep, wake, restart and shutdown of Mac systems.Execute UNIX shell scripts or commands on your client systems. Asset Management and Reporting -Perform lightning-fast searches with Remote Spotlight search.Gather reports on more than 200 Mac hardware attributes.See reports on user logins and application use.Use a Task Server to assemble inventory reports, even from mobile systems not connected to the network.
Automation -Automate routine management tasks using Automator in OS X.Get started immediately with over 40 actions.Chain actions together to create powerful system administration workflows.Combine actions with other application actions to create end-to-end solutions.Save workflows as plug-ins to provide simple, customised interfaces to Apple Remote Desktop features. The Apple Remote Desktop 3.9 update improves usability, compatibility, and reliability and is recommended for all users. This update:. Allows users to export and restore an encrypted list of computers and user credentials. Allows administrators to call attention to items on a remote screen using an assistant cursor. Adds Touch Bar support for MacBook Pro (2016) computers.
Improves security when communicating with clients running OS X Yosemite 10.10.5 or later. Adds an optional compatibility mode for communicating with clients running any version of OS X Mountain Lion 10.8, OS X Mavericks 10.9 or OS X Yosemite 10.10.4 and earlier.
3.8 Jan 27, 2015. This update is recommended for Apple Remote Desktop users and addresses several issues related to overall reliability, usability and compatibility. This update also provides: - Fixed scanner issue causing wrong IP addresses to be displayed - Changes to view order of screens in multi-observe mode - Support for OS X Mavericks - Automatic copy and paste between local and remote computers - Improved support for Mac systems with multiple displays and multiple IP addresses - Enhanced multi-observe with gesture support for swiping between screens - Improves overall reliability of the Remote Desktop application and screen sharing sessions.
3.7.1 Dec 3, 2013. This update is recommended for Apple Remote Desktop users and addresses several issues related to overall reliability, usability and compatibility. This update also provides: - Support for OS X Mavericks - Automatic copy and paste between local and remote computers - Improved support for Mac systems with multiple displays and multiple IP addresses - Enhanced multi-observe with gesture support for swiping between screens - Improves overall reliability of the Remote Desktop application and screen sharing sessions. 3.7 Oct 22, 2013. The Apple Remote Desktop 3.9 update improves usability, compatibility, and reliability and is recommended for all users. This update:. Allows users to export and restore an encrypted list of computers and user credentials.
Allows administrators to call attention to items on a remote screen using an assistant cursor. Adds Touch Bar support for MacBook Pro (2016) computers. Improves security when communicating with clients running OS X Yosemite 10.10.5 or later.
Adds an optional compatibility mode for communicating with clients running any version of OS X Mountain Lion 10.8, OS X Mavericks 10.9 or OS X Yosemite 10.10.4 and earlier. TerryMundo, Hidden settings with Upgrade issue I’ve been using Remote desktop for years (maybe over 10) It has had some isssues over the years. Currently people seem to have the same issue as me, the app forced an update on my computer but older comptuers can’t update. You can go to prefrences and click on ‘Allow Communication with older clients (less Secure)’ THis will fix the issue. Then you can update the clients remotely if needed.
Forcing secure connections is what Apple and other companies need to do today. I am able to manage 60 computers remotley from diffrent locations, even thousands of miles away. Install, update, reboot and change configurations. I think it’s great, however, clients do disapper at times and need to be put back in.
Reports hang at times but after a reboot work again. There are some bugs with the software. Over the years it seems that it has gotten more buggy. In all I use it everyday and when I do have a probelm I am able to fix it rather quickly by googling the issue. TerryMundo, Hidden settings with Upgrade issue I’ve been using Remote desktop for years (maybe over 10) It has had some isssues over the years.
Currently people seem to have the same issue as me, the app forced an update on my computer but older comptuers can’t update. You can go to prefrences and click on ‘Allow Communication with older clients (less Secure)’ THis will fix the issue. Then you can update the clients remotely if needed. Forcing secure connections is what Apple and other companies need to do today. Qualified scsi hba cards pro tools systems for mac pro. I am able to manage 60 computers remotley from diffrent locations, even thousands of miles away.
Install, update, reboot and change configurations. I think it’s great, however, clients do disapper at times and need to be put back in.
Reports hang at times but after a reboot work again. There are some bugs with the software. Over the years it seems that it has gotten more buggy. In all I use it everyday and when I do have a probelm I am able to fix it rather quickly by googling the issue. REXprints, Gone critical I’m a professor. I’ve got a couple dozen iMacs to manage, with attendant students.
ARD was critical in deploying software, shutting down, locking screens for lectures and tests, distributing files, on-screen help and discreet messagesfor individual students, student presentations and demo’s. I’ve used it for years, forgiving it’s little erratic stumbles and false problems, but the last upgrade (admin app) and update (client side) have ended all that. The dread “Failed to Authenticate” issue is sometimes a false problem you can ignore, but now almost always a critical fail. After getting blown around in the storm of on-line questions and solutions from all the other disappointed users, I’ve given up. I have cobbled together AirDrop, Bluetooth, thumb drive, and cloud work-arounds for some functionalities, but basically ARD has seriously degraded my ability to teach and manage the college studio courses. I depended on it all day every day, so I’m very sorry Apple hasn’t come up with a solution. Such a pity for a company which successfully made education its core market.
REXprints, Gone critical I’m a professor. I’ve got a couple dozen iMacs to manage, with attendant students. ARD was critical in deploying software, shutting down, locking screens for lectures and tests, distributing files, on-screen help and discreet messagesfor individual students, student presentations and demo’s. I’ve used it for years, forgiving it’s little erratic stumbles and false problems, but the last upgrade (admin app) and update (client side) have ended all that. The dread “Failed to Authenticate” issue is sometimes a false problem you can ignore, but now almost always a critical fail. After getting blown around in the storm of on-line questions and solutions from all the other disappointed users, I’ve given up. I have cobbled together AirDrop, Bluetooth, thumb drive, and cloud work-arounds for some functionalities, but basically ARD has seriously degraded my ability to teach and manage the college studio courses.
I depended on it all day every day, so I’m very sorry Apple hasn’t come up with a solution. Such a pity for a company which successfully made education its core market. WPSTech, Just horrible We use this in a public school district. Initially it worked great, but as time went on, newer versions became buggier and buggier. Right now we experience the following; 1. Machines constantly showing up as “Access Denied”. Get info, enter the admin password and it’s fine.
Quit and reopen ARD and different machines will now show as “Access Denied”. Machines that show as “Offline” and remain offline until you quit and restart ARD, then it’s active. Dragging a small.pkg to one machine takes a minute to send and install. Dragging the same package to two machines at the same time takes 30 minutes (LAN, not wi-fi). We have a Mac Mini we’d like to use as a Task Server to push.pkg files to remote laptops in mobile carts as they come online. Every week we fight with getting the Task Server to actually enable and more time getting our admin ARD clients to see that it’s available. Wait a few days and 'Task Server is unavailable”.
None of these problems existed in earlier versions of ARD 3.x. WPSTech, Just horrible We use this in a public school district. Initially it worked great, but as time went on, newer versions became buggier and buggier.
Application Management Control For Mac Mac
Right now we experience the following; 1. Machines constantly showing up as “Access Denied”. Get info, enter the admin password and it’s fine. Quit and reopen ARD and different machines will now show as “Access Denied”. Machines that show as “Offline” and remain offline until you quit and restart ARD, then it’s active. Dragging a small.pkg to one machine takes a minute to send and install. Dragging the same package to two machines at the same time takes 30 minutes (LAN, not wi-fi).
We have a Mac Mini we’d like to use as a Task Server to push.pkg files to remote laptops in mobile carts as they come online. Every week we fight with getting the Task Server to actually enable and more time getting our admin ARD clients to see that it’s available. Wait a few days and 'Task Server is unavailable”.
Application Management Control For Mac Pro
None of these problems existed in earlier versions of ARD 3.x.