Managing Macs in a Windows Shop, part 1

Lauren Malhoit walks you through the initial steps of bringing Macs into a Windows shop.
Some of our end users asked to use Macs in our environment, which has been basically all Windows (except for a few Linux servers). I set about finding the best way to manage these Macs in our little Windows world. I put the question out to other admins to see what they were using to manage Macs, and the answers I got back were mostly along the lines of "we don't" or "let us know what you end up doing." Those options weren't viable for us, so here are the other options I found: changing the Active Directory schema so that you can manage Mac policy via Group Policy Management, using software like Likewise or Centrify, or setting up what is called the "Magic Triangle." I went with the last of these, as it seemed to be the option that offered the most flexibility while still managing the devices with account policies. From the research I've done, changing the Active Directory schema is the least recommended setup, as it could corrupt your current Active Directory setup and doesn't work 100% of the time. The Magic Triangle in Figure A describes the links between the Mac Server, Active Directory Domain Controller, and the Mac clients.

Figure A

In this first part of a series of posts, I will go through the initial steps I took to install the necessary apps and try to save any of you from some of the troubleshooting (and starting over) that I had to go through. Mac OS X Lion Server is not exactly what I would call enterprise ready, but it seems they're working on it. In this series I'll be specifically talking about Lion Server 10.7. Be warned, different versions may have different options, and there doesn't seem to be a whole lot out there specific to 10.7, but it is pretty close to 10.6. You can purchase Mac OS X Lion Server from the Apple Store for $50 and install it on a currently running Mac OS X machine like a Mac Pro or Mac Mini. I downloaded the Mac OS on a USB stick and started there. Here is a very detailed step-by-step:

  1. Insert the USB with Mac OS X in the Mac device
  2. Press the Option key while it is booting so that you may select the boot device
  3. Select the Mac OS X USB to boot
  4. Select Disk Utility to create and name partitions.
  5. Close Disk Utility
  6. Now choose (Re)install Mac OS X at the beginning menu
  7. Choose the drive you'd like to install the OS on (most likely the partition you just created) and give it a few minutes to install.
  8. Go through the account creation wizard
  9. Log in using the account you just created, which is by default an admin account
  10. Click on System Preferences in the dock to open it
  11. Click on Network
  12. Configure the Ethernet Adapter accordingly (I used a manual configuration to give it a static IP)
  13. Click Show All to return to System Preferences
  14. Click on Sharing
  15. You may edit the server's name here (let's call it MacServer). Avoid using hyphens in the name.
  16. Put a checkmark next to Remote Login and Remote Management.
  17. While Remote Management is highlighted, click on Computer Settings and put a check next to "Anyone may request permission to control screen" and "VNC Viewers may control screen with password" (enter a password in the password field).
  18. Now you may go back to your workstation and connect to the IP address using a VNC Viewer.  Before you click to connect, click Options and select Hextile and Full (all available colors).  You will not be able to connect if you don't use these options.
  19. Once connected, make sure you have an internet connection and then click on the App Store icon in the dock and search for OS X Lion Server.  Purchase and download it.
  20. Click on the server icon and click through the wizard to finish the installation.

At this point you have a Mac device that you're using as a Mac Server, a Windows Domain Controller (I'm assuming) and at least one Mac client machine to test with. For the Mac client, I suggest not using a MacBook Air, as it does not have an Ethernet port. It seems that most of the configuration requires all of the components to be on the same subnet (for example 192.168.1.0/24). The configuration will not work on different subnets or over wireless, even if your wireless has access to your network using an ACS or something like that. If you do have a MacBook Air, you can purchase a dongle so that you may connect to the network using a network cable, and that seems to work pretty well.
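The two constraints above (no hyphens in the server name from step 15, and every component on the same subnet) can be checked before starting the configuration. The script below is an added example, not part of the original post; the role names and IP addresses are constructed sample values, and the check accepts any prefix length rather than only the /24 used in the text.

```shell
#!/bin/sh
# Added example: preflight for the two constraints in this post.
# All addresses and role names below are constructed sample values.

# Dotted-quad IPv4 -> integer. Fails on malformed input; octets with
# leading zeros are rejected (strictness chosen for this example).
ip_to_int() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  _rest="$1." _n=0 _count=0
  while [ -n "$_rest" ]; do
    _o=${_rest%%.*}; _rest=${_rest#*.}
    case "$_o" in 0?*|????*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
    _n=$(( _n * 256 + _o )); _count=$(( _count + 1 ))
  done
  [ "$_count" -eq 4 ] || return 1
  echo "$_n"
}

# in_subnet IP NETWORK/PREFIX -> 0 inside, 1 outside, 2 malformed input
in_subnet() {
  _ip=$(ip_to_int "$1") || return 2
  _net=$(ip_to_int "${2%/*}") || return 2
  _prefix=${2#*/}
  case "$_prefix" in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
  [ "$_prefix" -le 32 ] || return 2
  _mask=$(( (0xFFFFFFFF << (32 - _prefix)) & 0xFFFFFFFF ))
  [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# Step 15: the server name should not contain hyphens (or be empty).
valid_server_name() {
  case "$1" in ''|*-*) return 1 ;; esac
}

# preflight SUBNET SERVER_NAME ROLE=IP... -> 0 if every check passes
preflight() {
  _subnet=$1 _name=$2 _fail=0; shift 2
  valid_server_name "$_name" || { echo "FAIL name '$_name': empty or has a hyphen"; _fail=1; }
  for _pair in "$@"; do
    if in_subnet "${_pair#*=}" "$_subnet"; then
      echo "ok   ${_pair%%=*} ${_pair#*=} is inside $_subnet"
    else
      echo "FAIL ${_pair%%=*} ${_pair#*=} is outside $_subnet or malformed"; _fail=1
    fi
  done
  return "$_fail"
}

# Constructed run: the client sits on a different subnet and is flagged.
preflight 192.168.1.0/24 MacServer macserver=192.168.1.10 dc=192.168.1.5 client=192.168.2.40 || true
```
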

In the next posts I'll go through configuring the magic triangle and setting up some of the policies I am using.  I highly recommend going through not only the steps, but the actual blog posts in order, as that seems to be VERY important (luckily I only had to completely wipe everything once and start over once...).  Good luck!

About

Lauren Malhoit has been in the IT field for over 10 years and has acquired several data center certifications. She's currently a Technology Evangelist for Cisco focusing on ACI and Nexus 9000. She has been writing for a few years for TechRepublic, Te...

7 comments
scottwatson99

I'm new to Mac networking, so please bear with me. I need to clarify a few of your steps. 1. Insert the USB with Mac OS X in the Mac device: I'm assuming the "USB stick with Mac OS X" is non server OS X and is being installed in a separate partition from the existing OS X on the "Mac device"? 4. Select Disk Utility to create and name partitions: This new partition will be where OS X Server is installed? What's minimum size to create the partition? 7. Choose the drive you'd like to install the OS on (most likely the partition you just created) and give it a few minutes to install: You're installing non server OS X at this point and it will be upgrading to Server OS X in step 20? Thanks for your help.

sedgwickb

Will there be postings to follow on this topic? I am very interested to hear what else you have to say about your experience with the magic triangle.

macmanjim

If you wanted help with this, you had to go no further than a Google search. afp548.com is a great resource for what you want to do, as is macenterprise.com. Another is macwindows.com. There are plenty of experts out there that know what you want to do... It amazes me that Windows admins have trouble finding the resources. I would also say that you are really glossing over some things, particularly the role of DNS in setting up Mac OS server with OD, and I imagine the same would be true of AD.

eddie.mcgraw

Hi Lauren, I'm contacting you from Parallels. Would you like to share your email address with me? We have a few products that facilitate running Macs in a Windows shop (namely Parallels Desktop 7 for Mac Enterprise Edition) and I wanted to share some product info if you don't mind. My email is eddie.mcgraw@bitecommunications.com - if you shoot me a quick note I can get you the info right away. Thanks, and enjoyed the post.

lmalhoit

Yes, you are installing OS X, not server OS X. You can download the server from the app store in later steps. I didn't have a current partition with the OS already installed. I'm assuming this is a new Mac with nothing on it, or you are overwriting the current OS. If you already have the OS on your device, feel free to use that and just download Lion Server (or Mountain Lion Server, whenever that comes out).

lmalhoit

I did get a lot of my resources from Google and from various books. You can feel free to add any helpful information that would be useful to readers. You are correct that DNS needs to be configured with entries for both servers. Thanks for your comments!