This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disk Encryption for Macs - Directly to server not in AD Does this matter.

Hi.

So our Mac Users we are basically not usng AD for them.  So they appear in the Safeguard Tree directly under the safeguard server and not in the AD Section.  They are just authenticating to the Macs using a password that we've set for them that matched their LDAP Password. They appear in safeguard and we have an admin account that we enable on each of them and also add to encryption so there is always at least a second user on each Mac that we can use to get in, in case they delete or corrupt their profile.

Does this Matter? Are there are any big reasons why we shouldn't do this? 

Cheers



This thread was automatically locked due to age.
Parents
  • I would domain join the macs, personally, this is the practice I have on our side here. It's fairly simple, you domain join them, delete the local account but keep the folder, then chown -R the folder to the domain user after renaming it to the domain user's name. I've done this multiple times without a hitch.

     

    From there the client's AD will show up in the SGN tree and will inherit policies etc. Doing it any other way would IMO be messy but I have multiple companies under our SGN tenant.

Reply
  • I would domain join the macs, personally, this is the practice I have on our side here. It's fairly simple, you domain join them, delete the local account but keep the folder, then chown -R the folder to the domain user after renaming it to the domain user's name. I've done this multiple times without a hitch.

     

    From there the client's AD will show up in the SGN tree and will inherit policies etc. Doing it any other way would IMO be messy but I have multiple companies under our SGN tenant.

Children
No Data