Managed Mac Madness

I figured I’d start things off with a general overview of what we are looking to do here at Hopkins for the Mac users we support. First off, some clarification.

What is Client Management?

At its simplest, client management is the ability of an administrator (usually from IT) to make changes to a user’s desktop computer (the “client”), and to monitor its status remotely. In large institutions like JHU/JHMI administrators must support hundreds of users, so the ability to monitor and make changes to many clients at once is of the utmost importance. Understand that you still have control over your own computer, but client management ensures that an administrator can gain access to help you with complex problems.

The other side of client management has more bearing on a user’s experience on their computer. A managed computer can authenticate to the Hopkins system, allowing you to log in with your JHED ID and password when you turn it on. This way, you don’t need a separate password for your desktop machine, as many Mac users here do at present. Once you are logged in a managed machine can automatically connect you to shared network resources (such as your H: drive), and configure applications automatically based on your school account (email, for instance), among many other things.

There are a whole host of benefits to users, their administrators, and the entire organization to be gained by managing clients. I have listed a few here that we are considering for our Mac management services. All of these benefits are obtainable on Macs but it may not be feasable to implement all of them. In the coming weeks we will discuss them in detail, but I wanted to put this list out there in case people wanted to add to or comment on it.

Users/User Departments:

• Authentication with University credentials
• Automount of network resources at login
• Automatic configuration of applications, OS settings from user profile info
• Multiple users on a single machine without manual account creation, local admin rights
• Portability of user settings

Admins

• Automation of OS and application updates
• Easy remote access to clients without a local account
• Hardware audits and life cycle management
• Large scale network image deployment
• Application package deployment

Enterprise-Wide

• Anti-virus/endpoint protection policy compliance
• Portable computer encryption policy compliance
• Network security policy compliance
• Ease of forensic investigation
• Extending Directory functions may ease management of other desktop OS’s (*cough* Linux! *cough*)

I have posted the rules for posting/commenting on this blog, and a short disclaimer on a permanent page, available from the top of the front page. Feel free to log comments on that page for any changes you think should be made.

This is the new brand spankin’ new blog for The DCS Homewood Mac Management Project. Shout-outs to Mark and Brian! Look out world (ok, just Hopkins)