Max OSX 10 on Large Windows Domain

TheMSsForum.com: The Microsoft Software Forum

Can anyone please point me to a resource that would explain the security
risks to placing Mac's on a Windows domain. I am trying to find how/if group
policy is/isn't applied and other security problems that can arise in a mixed
environment.

Thanks.
--
Top

Re: Max OSX 10 on Large Windows Domain by Lanwench

Lanwench
Wed Sep 13 21:33:32 CDT 2006

In news:0D08D553-2BD2-49BB-AFC0-5E1E5C4D85A3@microsoft.com,
RollNpc <RollNpc@discussions.microsoft.com> typed:
> Can anyone please point me to a resource that would explain the
> security risks to placing Mac's on a Windows domain. I am trying to
> find how/if group policy is/isn't applied and other security problems
> that can arise in a mixed environment.
>
> Thanks.

Security? Well, I don't know that I'd be worried about *security* risks in
having Macs and Windows in the same domain.
Group policy is irrelevant, because only Win2k/XP will be able to make use
of it, but that isn't really a security issue per se. What are your exact
concerns?



Top

Re: Max OSX 10 on Large Windows Domain by S

S
Thu Sep 14 05:21:10 CDT 2006

I'd say, Mac in Windows environment can be of an issue if integration will
require relaxed security. Reversible passwords required for early Services
for Macintosh and LM hashes used in early versions of Samba are the
examples.

Typical integration points:

* File and print services - Samba on MacOS - NTLMv2 and Kerberos are
supported although Kerberos config is PITA
* Web services - NTLMv2 is now supported in Firefox, not sure about Safari.
SSL is there to help.
* Mail system: MS Entourage is a native Exchange client, Evolution for MacOS
X also supports Excvhange; OWA is always an option. Those using Notes can
run the client on Windows in VirtualPC.
* PKI - limited capability, virtually no smart card support

Which makes Mac a reasonably secure client. Proper configuration and
assessment required.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:ORU6BZ61GHA.4228@TK2MSFTNGP06.phx.gbl...
> In news:0D08D553-2BD2-49BB-AFC0-5E1E5C4D85A3@microsoft.com,
> RollNpc <RollNpc@discussions.microsoft.com> typed:
>> Can anyone please point me to a resource that would explain the
>> security risks to placing Mac's on a Windows domain. I am trying to
>> find how/if group policy is/isn't applied and other security problems
>> that can arise in a mixed environment.
>>
>> Thanks.
>
> Security? Well, I don't know that I'd be worried about *security* risks in
> having Macs and Windows in the same domain.
> Group policy is irrelevant, because only Win2k/XP will be able to make use
> of it, but that isn't really a security issue per se. What are your exact
> concerns?
>
>
>


Top

Re: Max OSX 10 on Large Windows Domain by Robert

Robert
Thu Sep 14 16:23:06 CDT 2006

RollNpc wrote:
> Can anyone please point me to a resource that would explain the
> security risks to placing Mac's on a Windows domain. I am trying to
> find how/if group policy is/isn't applied and other security problems
> that can arise in a mixed environment.

Group Policies are not applied to Mac clients, as Lanwench noted.

The mac clients are quite configurable however, with various tools such as
the Apple Remote Desktop Tool, and if you have enough OS X clients to
justify it you can add a Mac server to your network, integrate it into AD,
and use this to centrally manage OSX client configuration and manage user
configuration from the Windows server as you do now.


--
--
Rob Moir, Microsoft MVP for Security
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ -
http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html


Top

Re: Max OSX 10 on Large Windows Domain by Joe

Joe
Sun Sep 17 17:03:48 CDT 2006

Look at the Centrify product suite as I believe they support MACs now.
That will give you good kerberos based secure logon and group policy
support.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


RollNpc wrote:
> Can anyone please point me to a resource that would explain the security
> risks to placing Mac's on a Windows domain. I am trying to find how/if group
> policy is/isn't applied and other security problems that can arise in a mixed
> environment.
>
> Thanks.
Top