Windows Domain Thuursby and Centrify..which one..both?

I am looking at have my Mac environment integrate with my Windows environment. I have 30x as many windows clients as Mac's I have the typical Windows office environment...AD, File Servers,Group Policies..etc,
I rather not have to go through expense of putting a OS X 10.6 server just to control 6 macs. I would like them to authenticate to AD and provide managment of the Mac environment.
I have done some research on Centrify and Thursby products and they both seem to be a recommeded solution.
I seems that Thursby does a better job of connecting to shares/DFS and Centrify does a better job of GP/AD integration.
So is it a one or the other senerio or is one perfed over the other?

Hi
Either one or the other. It's your choice as both achieve similar things. AFAIK Thursby's latest product is the only one that supports DFS attached volumes. If you go for Centrify you may need another product such as ExtremzIP for DFS Support? You can connect to any Windows based share without the need for anything beyond what's available in the Go Menu. A 'Mac Server' is not that expensive? Apple's mac mini server with SLS Unlimited may actually be more cost-effective? There are other technologies such as NetBoot and SUS you might consider using that might make the cost viable? If all you want is a means to manage the macs then any hardware that meets SLS minimum requirements will do. This would include laptops although they would not be officially supported for SLS use.
However:
Thursby's product does involve the use/support of an application you may not be familiar with? AdmitMac is installed on the Mac Clients. I'm not absolutely certain regarding the pricing/licensing but I think it's a per seat license? Centrify (or Likewise) is installed on the Windows Server. It 'sits' on top of the AD Schema and 'maps' apple-specific Object Classes, attributes and values that correspond with windows-specific ones. GPOs that are applicable to windows workstations can then be applied to mac ones. Everything is done from AD. No need to use/support another management application.
There are other ways of doing this depending on your skill set and requirements? You could alter the AD Schema itself? Create/add the appropriate Object Classes, attributes and values yourself. All you would need thereafter is WorkGroup Manager installed on a client mac workstation to assign appropriate MCX (or mac-style GPOs). Another way would be to download WorkGroup Manager (free to download) and install it on the mac workstations directly. Create a 'generic' local account separate from a locked down local administrator account and use WorkGroup Manager locally to manage that account or computer. WorkGroup Manager allows for finer 'granular' control beyond the built-in Parental Controls. If users are going to be 'using/sitting at' the same workstations rather than true roaming profiles a similar result can also be achieved.
These last methods involve no expense at all. Just some time and effort on your part which you would have to invest anyway.
Tony

Similar Messages

  • SQL Installation for SharePoint 2013 - Windows Firewall - Profile - domain, Public and Private - Which ones to choose?

    Hi there,
    I am setting up SQL Server (to be used in our SharePoint 2013 farm).
    The Firewall exception for SQL server gives me three choices in Profile section as 
    Domain, Public and Private profiles 
    Which ones should I choose please? 
    Thank you so much.

    Hi,
    According to your description, my understanding is that you want to set the firewall exception for SQL server.
    Domain profile—This profile is active when the server is connected to an Active Directory (AD) domain via an internal network. This is the profile that's typically active, because most servers are members of an AD domain.
    Private profile—This profile is active when the server is a member of a workgroup. Microsoft recommends more restrictive firewall settings for this profile than for the domain profile.
    Public profile—This profile is active when the server is connected to an AD domain via a public network. Microsoft recommends the most restrictive settings for this profile.
    More information, please refer to the link:
    http://windowsitpro.com/windows/windows-server-2008-r2-firewall-security
    Please 'propose as answer'
    if it helped you, also 'vote helpful' if you like this reply.
    Prabhu

  • In most web sites many web sites, the menue buttons do not appear i have to scroll over the screen untill the cursor changes indicating a button is actually there, and guess which one it is. I am using windows 7 , 64 bit

    In most web sites many web sites, the menu buttons do not appear i have to scroll over the screen until the cursor changes indicating a button is actually there, and guess which one it is. I am using windows 7 , 64 bit

    See:
    * http://kb.mozillazine.org/Website_colors_are_wrong
    * http://kb.mozillazine.org/Websites_look_wrong

  • Nolock and readpast which one give efficient performance

    Dear All,
    please help me.
    in both nolock and readpast which one give efficient performance.
    mastanvali shaik

    Dear All,
    please help me.
    in both nolock and readpast which one give efficient performance.
    mastanvali shaik
    Both are equally bad and are used by coders who just want to get things done and don't care about data integrity. So bottom line both are bad , avoid it.
    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
    My Technet Wiki Article
    MVP

  • So i have 29 albums and my computer says it has 2.55gb on the itunes, and im planing on getting a iphone 5 that has 16gb or 32gb and idk which one to get? Can someone please help me out!!!!!!!!!!!

    So i have 29 albums and my computer says it has 2.55gb on the itunes, and im planing on getting a iphone 5 that has 16gb or 32gb and idk which one to get?  Idk but i just need to know how much storage  that can hold 2.55 gb of albums and rest of the apps and pic i gonna put on this iphone 5 im getting! please help!!!!! (16gb or 32gb?) If maybe can i get some tips about Storage!

    I certainly owuld not get the 16 Gb.  My old phone had 32 Gb and it was pretty much full.  I just depends on what you wan tto place on it in the way music, apps, videos etc

  • I cannot reactivate my e-reader with my existing Adobe ID and password which are both correct. I alwayss get the message "activation server error, Code: E_AUTH_NOT_READY" What kind of problem is this and what is most important, how can I solve it quickly.

    I cannot reactivate my e-reader with my existing Adobe ID and password which are both correct. I alwayss get the message "activation server error, Code: E_AUTH_NOT_READY" What kind of problem is this and what is most important, how can I solve it quickly. I am on holiday and want to read. Thanks for speedy reply.

    Yes, actually I talk about Digital editions. Do you know how to solve the problem as described in my first mail for Digital Editions? Thanks for your  kind assistance.

  • Compare to fields and show which ones dont exists?

    Hi
    I have two tables, one is SR_TRANSACTIONS and the other is SR_CUSTOMERS.
    I want to report on which companies are listed in SR_TRANSACTIONS but not in SR_CUSTOMERS i.e which ones need to be added before this database goes live.
    This is the query that shows a list of matching companies in both tables, could you suggest a modification of this code that shows which companies arent listed in SR_CUSTOMERS but are listed in SR_TRANSACTIONS?
    select DISTINCT      "SR_CUSTOMERS"."NAME" as "NAME",
          "SR_TRANSACTIONS"."CUSTNAME" as "CUSTNAME"
    from      "SR_TRANSACTIONS" "SR_TRANSACTIONS",
          "SR_CUSTOMERS" "SR_CUSTOMERS"
    where   "SR_TRANSACTIONS"."CUSTNAME" = "SR_CUSTOMERS"."NAME" Thanks
    Adam

    Use an outer join, like in following example :
    TEST@db102 > select * from dept;
        DEPTNO DNAME          LOC
            10 ACCOUNTING     NEW YORK
            20 RESEARCH       DALLAS
            30 SALES          CHICAGO
            40 OPERATIONS     BOSTON
    TEST@db102 > create table dept1 as select * from dept;
    Table created.
    TEST@db102 > delete dept1 where deptno=30;
    1 row deleted.
    TEST@db102 > select a.* from dept a, dept1 b
      2  where a.deptno = b.deptno(+)
      3  and b.deptno is null;
        DEPTNO DNAME          LOC
            30 SALES          CHICAGO
    TEST@db102 >

  • Windows Domain login and timer

    We are binding several Macs to the windows domain here.  That really hasnt been an issue, we used Centrify Express, and that went fine.  Users can log into the domain no problem.  All the Macs were built with a service account (UID svc-account) similar to an admin account on windows.  Any user can sit down at a Mac and if they enter good domain credentials they get logged in.
    But when a mac is first powered on, and gets to the login screen, the svc-account is first presented, then after about 10 sec, a little arrow appears.  by clicking on the arrow, you can choose "other user" and log in with domain credentials.  Is there a way to shorten this timer, or default to "other user", or default to any domain user account?

    We are binding several Macs to the windows domain here.  That really hasnt been an issue, we used Centrify Express, and that went fine.  Users can log into the domain no problem.  All the Macs were built with a service account (UID svc-account) similar to an admin account on windows.  Any user can sit down at a Mac and if they enter good domain credentials they get logged in.
    But when a mac is first powered on, and gets to the login screen, the svc-account is first presented, then after about 10 sec, a little arrow appears.  by clicking on the arrow, you can choose "other user" and log in with domain credentials.  Is there a way to shorten this timer, or default to "other user", or default to any domain user account?

  • Xsd and dtd: which one will overrule

    Hi,
    if I have both DTD and XSD, and the rules in them are conflicting (say: the DTD indicates that an element is mandatory and the XSD is indicating that the element is optional): which one will overrule?
    Kind regards

    An XML document may have only either a DTD or a schema specified.

  • Get Windows domain name and user through jsp

    I have a jsp page that will be viewed through ie on windows platform, that is a member of domain.
    I need to get the domain name and logged in windows user name to use it in my page.
    I've looked through similar topics. Found no answer.
    1.
    System.parameter("user.name") is not ok. it returns user that runs jvm.
    2.
    import com.sun.security.auth.module.NTSystem;
    NTSystem system = new NTSystem();
    system.getDomain()
    system.getName()that didn't work through jsp, though the answer is correct.
    3. I found some api at http://www.sinotar.com/download/swin/doc/index.html
    it did the right thing, but it's not free.
    Could anyone advice me smth?
    I've looked

    well, it won't work in your jsp because jsps run server-side
    could try putting an applet on your page that does it, but I wouldn't be surprised if the security manager put the kibosh on that, too
    a third - but clunky - way would be to write a quick java app that does it, and launch it through WebStart. bit ugly, and needs extra user input they might not want to do

  • Apple Mail on Macbook via windows domain network and microsoft TMG

    Hi folks.
    We run a windows network with server 2008 tmg, dcs, and exchange 2007.
    We have a few mac clients on our internal network. They log on locally but have all the correct network settings etc for proxy, network and internet access. Everything works fine through TMG including apple mail to our exchange server, and web browsing etc.
    The one thing that isn't working is apple mail to other mail providers. Specifically Gmail.
    I've created an access rule for testing purposes to allow all outbound traffic from a macbook pro. It still doesn't work, with the following being the only error:
    Denied Connection RHSTMG 21/05/2010 10:27:07
    Log type: Firewall service
    Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
    Rule: None - see Result Code
    Source: Internal (10.1.0.81:5353)
    Destination: External (224.0.0.251:5353)
    Protocol: Unidentified IP Traffic (UDP:5353)
    Additional information
    •Number of bytes sent: 0 Number of bytes received: 0
    •Processing time: 0ms Original Client IP: 10.1.0.81
    Someone on another (microsoft) forum said this:
    224.0.0.251:5353 is RendezVous protocol, which is used by Mac OS for locating services. it is multicast protocol and it's only purpose is locating things.most it has nothing to do with Google Mail.
    The mac has entirely unrestricted access to everywhere (in theory).
    Gmail account through windows 7 client using outlook is fine by the way.
    Nothing else is denied or refused when looking at the live logging.
    Any help with this would be great.
    Thanks
    Dave

    I had this problem too, but I found a post burried on the web that said to add " p06- "  (without quotes) before the imap and smpt server names and that worked:
    p06-imap.mail.me.com
    p06-smtp.mail.me.com
    Everything stays checked, SSL for both, authentication and use same username and password checked.

  • Can I make a wireless Windows domain? And does Group Policy work to limit domain accounts' capabilities?

    The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
    If it matters, I have a Linksys E1200 router that does wireless and wired.
    My second question refers to Group Policy. Is this the way domains limit their user account's capabilities? Because I was planning on making a domain, so that I could have unified user accounts that I could control from the server, limiting what those accounts
    can access for further security. Is this what Group Policy does, and how would I move with starting that?

    Hi Adrian,
    >>The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
    Just as Alan suggested, Active Directory domains support both wired and wireless connections.
    >>My second question refers to Group Policy. Is this the way domains limit their user account's capabilities?
    Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects
    (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). The settings within GPOs are then evaluated by the affected targets, using the hierarchical nature of Active Directory.
    Consequently, Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and computer objects.
    Regarding group policy, the following link and articles can be referred to for more information.
    Group Policy for Beginners
    http://technet.microsoft.com/en-us/library/hh147307(v=WS.10).aspx
    Group Policy Planning and Deployment Guide
    http://technet.microsoft.com/en-us/library/cc754948(v=WS.10).aspx
    Group Policy
    http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
    Best regards,
    Frank Shen

  • Is Windows XP supported, and by which versions of NI-DAQ and LabVIEW?

    Which versions of NI-DAQ, LabVIEW, and LabVIEW Run-Time run under Windows XP?

    For all Windows/LabVIEW/Toolkits compatibility questions, check out this KnowledgeBase.
    (I know this is a pretty old post, but I'm replying anyway for posterity.)
    Happy developing!
    Sarah K.
    Search PME
    National Instruments

  • Windows Workflow Foundation and SAP Business One

    Does anyone here have any experience creating Windows Workflow Foundation (.NET 3.5) activities and workflows that interact with SAP Business One?
    A lot of examples in books show how easy it is to use workflows to write directly to a database, but we obviously cannot do that with SBO.
    I am most interested in where to place the code to log into the DI-API and how to pass that connection to the individidual activities.
    Thank you,
    Mike

    Michael,
    This could be done with some work using the DI Server and Business One Web Services (B1WS).  You can get more detail on B1WS from the Tools section of main SAP Business One page here on SDN ... although it does not go into WFS or WF.
    In the future when eSOA services are delivered for SAP Business One ... you will see that WF can be used much more easily.  This is an area that SAP is investigating ... keep a lookout on SDN!
    Eddy

  • UITextField and knowing which one was first responder

    I have a app with several UITextFields and I want to know which textfield was the first responder within the function.
    ie I have a text field created in interface builder and its outlet is assigned to nameField.
    So how can I know when nameField was the one that received the input from the keyboard of DONE ??
    - (BOOL)textFieldShouldReturn:(UITextField *)theTextField {
        return YES;
    I've tried
    - (BOOL)textFieldShouldReturn:(UITextField *)theTextField {
        [theTextField resignFirstResponder];
        if(theTextField == nameField)
            NSLog(@"I got here");
        return YES;
    But my NSLog output is not sent, so I don't know why theTextField is evaluating to false.
    Thanks

    Take a view based application and name it as textField.
    Make Sure that in interface builder set each textField delegate to File's Owner. Otherwise it won't work.
    Here is the code:
    textFieldViewController.h
    #import <UIKit/UIKit.h>
    @interface textFieldViewController : UIViewController <UITextFieldDelegate> {
              UITextField *textField1;
              UITextField *textField2;
              UITextField *textField3;
              UITextField *textField4;
              UITextField *textField5;
    @property (nonatomic, retain) IBOutlet UITextField *textField1;
    @property (nonatomic, retain) IBOutlet UITextField *textField2;
    @property (nonatomic, retain) IBOutlet UITextField *textField3;
    @property (nonatomic, retain) IBOutlet UITextField *textField4;
    @property (nonatomic, retain) IBOutlet UITextField *textField5;
    @end
    textFieldViewController.m
    #import "textFieldViewController.h"
    @implementation textFieldViewController
    @synthesize textField1;
    @synthesize textField2;
    @synthesize textField3;
    @synthesize textField4;
    @synthesize textField5;
    - (BOOL)textFieldShouldReturn:(UITextField *)theTextField {
              [theTextField resignFirstResponder];
              if (theTextField == textField1)
                        NSLog(@"I Got here");
              return YES;
    - (void)dealloc {
              [textField1 release];
              [textField2 release];
              [textField3 release];
              [textField4 release];
              [textField5 release];
        [super dealloc];
    @end

Maybe you are looking for