Compatibility and network security are important. ADmitMac v3.2 is the only Mac product that provides full support for Windows’ highest level of security - right out of the box!.
ADmitMac v3.2 allows PowerPC and Intel Macintosh users running Mac OS X 10.3 Panther, or Mac OS X 10.4 Tiger (with the latest updates), to participate in and take advantage of all the directory services provided by Microsoft’s Active Directory, NT, and Apple’s Workgroup Manager. As a result, administrators can manage their domain users consistently regardless of which operating system they use. ADmitMac allows Macintosh access based on domain credentials and provides support for local or network home folders.
ADmitMac is tailored for multi-user, multi-computer scenarios with administrator defined network security. It supports the highest levels of security and does not require the downgrading of security when using Windows Server 2003. Kerberos is used to provide secure directory access, thus reducing the risk of unwanted disclosure, spoofing, and man-in-the middle attacks. ADmitMac works with domains configured using Microsoft’s Highly Secure (HISEC) security templates, automatically configuring the Macintosh to use Kerberos, obtains the necessary security keys from the domain and performs mutual authentication requiring the server to prove its identify. ADmitMac also works with older NT directory services.
ADmitMac can cache successful user login information for later use. This allows mobile users to use their domain account when not connected to the network.
ADmitMac includes a plug-in for Apple’s Workgroup Manager. This plug-in allows administrators to implement Apple’s Mac OS X desktop management (MCX) settings for Active Directory domain users. ADmitmac also includes AD Commander - a Macintosh utility that allows administrators to manage Active Directory users and groups.
BASIC ADmitMac FEATURES
DOMAIN SERVICE REQUIREMENTS
- Administrators can easily manage Macintosh computers in their Microsoft Windows domain - without special training.
- Installs on the Mac with no Active Directory schema changes required.
- Provides secure access using Kerberos.
- Provides bidirectional file and printer sharing.
- Supports Windows login security restrictions.
- Allows users to easily change passwords.
- Support for Dfs - home directories can be mounted using Dfs, and Shares on the Mac support Dfs as well.
- Supports NTFS file format - does not create “dot-underscore” files.
- Supports Windows ACLs (Access Control Lists) under OS X v10.4.2 “Tiger.”
- Supports long share names.
- Preserves users’ custom desktop and documents no matter which computer they log into.
- Offers complete interoperability with Services for Macintosh.
- Works with older NT directory services.
- Users can mount shared folders to which they are allowed access via the ADmitMac Browser or Connect to Server.
- Microsoft Server 2003 with Active Directory
- Microsoft Windows 2000 with Active Directory or operating an NT domain
- Microsoft NT service pack 6 or later operating an NT domain
- Allows for user login with home directories located on the Macintosh client’s local hard disk.
- Automatically configures Macintosh for use with Kerberos. Kerberos configuration files are generated automatically.
- Fully signed and sealed (encrypted) LDAP connections prevent disclosure of user’s personal information and prevent man-in-the-middle attacks.
- Support for bidirectional SMB-signed connections, NTLM SSP, and NTLMv2.
- Expired and reset passwords are handled correctly when users log in to the Macintosh desktop.
- Caches user credentials for mobile user access when not connected to the network.
- Supports browsing for published shares.
- Print client can access shared printers. Printers may be configured by browsing the list of printers published in a domain, or manually.
- Kerberos credentials are set up automatically when a user logs in. No changes to /etc/authorization are required.
- Cross-realm trust with MIT Kerberos.
- Support for multiple domains within a forest.
- Administrators can choose domain search paths for users, groups, and published printers and shares to limit searches to specific organizational units.
- Administrators can choose to give domain members administrative privileges based on their username or domain group membership.
- Administrators can give administrative privileges to the user specified as the Macintosh’s manager in the domain’s computer records.
- Supports Mac OS X Server service principal names.
- Home directories may be located at a path where the user does not have access to the parent folders.
- Administrators can utilize Apple’s Workgroup Manager MCX settings.
- ADmitMac Deployment utility creates custom ADmitMac install packages for multi-computer installations.
- Dynamic DNS registration support: the Mac will register its IP addresses with DNS using its computer account name.
- AD Commander tool allows Administrators to edit Active Directory users and groups as if you were using AD Administrator Tools.
ADmitMac Software Product Description (PDF)