Home > Articles > Apple > Operating Systems
␡- The IE test involves sending two ICMP echo request packets to the target. The first one has the IP DF bit set, a type-of-service (TOS) byte value of zero, a code of nine (even though it should be zero), the sequence number 295, a random IP ID and ICMP request identifier, and 120 bytes of 0x00 for the data payload. The second ping query is similar, except a TOS of four (IPTOSRELIABILITY) is.
- Prey is an Open Source solution that has the user's privacy as a top priority. No data is reached without your consent. Feel free to review our code! HOW CAN I UNLOCK PREY'S DATA SECURITY FEATURES? Prey's free version offers room for 3 devices and most of Prey's features.
- Configuring Mac OS X to Log In Using Active Directory
You should check to see if the network is available before entering Deploy Studio. From the Recovery Boot Menu (CMD-R boot method) open the Get Help option (it has the Safari logo) and try to navigate to a webpage. If that is unsuccessful, you don't have network access at all. Verify the USB drive was formatted for compatibility with macOS. There are two special cases when. Network is unreachable Than I typed. Ifconfig: inet addr: 192.168.56.101 Than typed. Sudo /sbin/route add -net 0.0.0.0 gw 192.168.56.101 eth0 Now I'm doing the same ping and it says: Destination host is unreachable, for all the sequences. Do you guys have any idea what is the source of the problem. Edit 2: route output.
This chapter is from the book
This chapter is from the book
Active Directory is Microsoft's directory services solution that provides LDAP and Kerberos services for identification and authentication. Many organizations with Windows computers use Active Directory because it provides these features:
Unreachable Mac Os Catalina
- Security and policy management for Windows computers
- Tight integration with popular application servers such as Microsoft Exchange and Microsoft SQL Server
- High availability, with the ability to place multiple replica servers across geographic locations in a multimaster configuration
It is easy to integrate Mac OS X into an Active Directory environment. Although Mac OS X computers can access directory information provided by Active Directory via the LDAPv3 connector, you should use the Active Directory connector, which provides the following capabilities:
- Creating a computer account for secure communication with Active Directory services
- Configuring mappings of Open Directory objects and attributes to Active Directory objects and attributes
- Setting up the Kerberos environment for seamless integration with Active Directory
- Enabling SMB packet signing and packet encryption
- Support of Active Directory password policies
- Support of Active Directory sites, which directs Windows and Mac OS X client computers to the most appropriate services based on their IP network
- Caching information from Active Directory services so that Mac OS X computers can use the information even if they are not connected to the network
In this chapter you will learn how to use System Preferences, Directory Utility, and the command line to bind to Active Directory, and to modify the default settings for the Active Directory connector to enable login and access to a network home folder. You will learn how to overcome problems with your initial bind to Active Directory, and you will learn troubleshooting techniques for login problems with an Active Directory user account.
Mac OS X v10.6 brings numerous improvements to the Active Directory connector, from better caching to improved support for Windows Server 2008 domains.
Configuring Mac OS X to Log In Using Active Directory
You can use the Accounts pane of System Preferences, Directory Utility, or dsconfigad to bind a Mac OS X client computer to an Active Directory domain. dsconfigad allows you to configure some features that Directory Utility does not expose, but if you use dsconfigad you need to take some additional steps (such as enabling the Active Directory connector and adding the Active Directory node to your search paths). Before you bind, however, you need to know a few things about your Active Directory service.
Understanding Active Directory Terms
When you bind to Active Directory, you need to know the domain name and you must have the credentials of a user who has authorization to join computers to Active Directory.
A domain is the building block of Active Directory; it is a collection of directory objects such as users, groups, and computers. An Active Directory domain requires a domain controller, which can be a computer running any version of Windows Server 2000 through Windows Server 2008. A domain is identified by its DNS namespace; for example, the server windows-server.pretendco.com may be a domain controller for the domain pretendco.com. Active Directory relies on DNS records generated by a DNS service that is tightly integrated with Active Directory, so you should configure Mac OS X to use the DNS service associated with the Active Directory domain before attempting to bind.
A tree is one or more domains in a contiguous name space. A forest is a set of domain trees that have a common schema and global catalog, which is used to describe a best-effort collection of all the resources in a domain. The global catalog is commonly used for email address lookups.
Like standard Windows clients, Mac OS X binds to only one Active Directory domain at a time.
Understanding the Active Directory Computer Object
When you bind a Mac OS X client computer to Active Directory, you use or create a computer object for Mac OS X. Just like user objects, computer objects are used for identification, authentication, and authorization. The computer object has rights to do certain things, such as to bind and update its own DNS record.
When you bind a Mac OS X computer to Active Directory, Mac OS X uses the user credentials you supply to set up a computer object and password in Active Directory. This password is a shared secret between your Mac OS X computer and the Active Directory service. Your Mac OS X computer uses this password to authenticate to Active Directory and set up a secure channel to enable your Mac OS X computer to communicate with Active Directory. The password is randomly generated, and it is unrelated to the user account you use to perform the bind. For more information, see the section 'Confirming Your Active Directory Connector and the Samba Service Are Using the Same Active Directory Computer Password' in Chapter 8.
If you delete the computer object or reset the computer object password in Active Directory, you need to rebind Mac OS X to Active Directory in order for Mac OS X to access Active Directory.
When you use System Preferences or Directory Utility to bind to Active Directory, you see a suggested computer ID to use for the name of the Active Directory computer object. This computer ID is based on your host name (if you use the Accounts preference) or your Bonjour name (if you use Directory Utility). Regardless of what you enter as a computer ID, Mac OS X will use only the lowercase characters a–z, 0–9, dash (-), and underscore (_), in order for Mac OS X file sharing to be compatible with legacy Windows computers. If your computer name is longer than 15 characters, you may experience errors when binding to Active Directory. Each computer should use the same Mac OS X computer name and Active Directory computer name to help keep track of computer names, unless you have a good reason not to do so.
Specifying a User to Create the Computer Object
When binding to Active Directory, you need to supply the credentials of an Active Directory administrator or user who is authorized to create computer objects. By default, you can use a regular Active Directory user to bind to Active Directory ten times, but after that you will encounter an error. 'Troubleshooting Binding Issues,' later in this chapter, offers some solutions for this problem.
Binding to Active Directory with System Preferences
The simplest way to bind Mac OS X to Active Directory is to use the Accounts pane of System Preferences. The steps are as follows:
- Open System Preferences.
- Click Accounts.
- Click Login Options.
- Click Join next to Network Account Server.
- In the Server field, enter the name of the Active Directory domain—in other words, 'pretendco.com' not 'windows-server.pretendco.com.'
This can be any domain in the forest, but remember that the domain name is the DNS namespace of the domain, not the DNS name of the domain controller.
- In the Computer ID field, enter the name of the Active Directory computer object to use for this Mac OS X computer. By default, this displays your host name, which may be determined from a DNS record that matches your IP address, or your Bonjour name, if there is no matching DNS record.
- In the AD Admin User field, enter the name of an Active Directory administrator or the name of an Active Directory user who can join a computer to the domain.
- In the AD Admin Password field, enter the password for the user you specified in step 7.
- Click OK, and then provide a local administrator's credentials when prompted. Mac OS X attempts to bind to Active Directory with the default settings.
The Network Account Server field now displays a green status indicator along with the name of the Active Directory domain.
If you are bound to multiple directories, the Network Account Server field simply displays the dimmed text Multiple.
Binding to Active Directory with Directory Utility
Instead of the Accounts preference, you could use Directory Utility to bind to Active Directory, just like you would have with Mac OS X v10.5 and earlier. The process is very similar—you can click the Open Directory Utility button on the Login Options pane of the Accounts preference (shown in the figure below step 4 of the preceding exercise), or open Directory Utility directly from /System/Library/CoreServices/. You must specify the Active Directory domain as you did in the preceding exercise. Directory Utility offers more choices and advanced options, and it will be covered later in this chapter.
Logging In as an Active Directory User on Mac OS X
Once you bind your Mac OS X computer to Active Directory, you can log in with your Active Directory user account at your Mac OS X login window. By default, when you log in with an Active Directory user account, the following things are true:
- If your password will expire soon, you have the opportunity to change it during the login process.
- Your home folder is located on the startup volume.
- Active Directory grants you a Kerberos Ticket Granting Ticket (TGT) as part of the login process. You can confirm this by opening the Ticket Viewer application (in /System/Library/CoreServices).
Also note that in Mac OS X v10.6, the default preference for the Finder is to not display hard disks and or connected servers, so no items will be displayed on the desktop.
Specifying a User Name at the Login Screen
By default, when you are bound to another directory node, the Mac OS X login window also displays the option of 'Other.' This allows you to specify a user name from a different directory node, as shown in this figure:
When you select Other, the login window reveals a field for Name and Password.
At the Mac OS X login window, you can use many combinations of the user identifiers 'Full name,' 'User login name,' or 'User login name (Pre-Windows 2000)' from Active Directory, along with other elements of the domain name. Consider the figure below, which shows a user created with Active Directory tools.
You can log in with any of the following names in the Name field in the Mac OS X login window:
- schoun-regan
- sregan
- Schoun Regan
- schoun-regan@pretendco.com
- sregan@pretendco.com
- Schoun Regan@pretendco.com
- PRETENDCOschoun-regan
- PRETENDCOsregan
- PRETENDCOSchoun Regan
Understanding the Home Folder Default Behavior
When you log in with a user account for Active Directory, by default Mac OS X creates a home folder for the user on the startup volume in /Users/usershortname.
If a directory already exists with that name, Mac OS X will not create a new home folder. You may experience unexpected results because the Active Directory user does not have write permissions to the home folder.
See the section 'Transitioning from a Local User to an Active Directory User' later in this chapter, if that is appropriate for your situation.
Understanding Home Folder Synchronization
The default settings do not configure Mac OS X to synchronize the local home folder with a network home folder. If you log in as the same Active Directory user on multiple Mac OS X computers that are configured with the default settings for the Active Directory connector, you will have a different home folder on each computer, and the contents will not be synchronized. To prevent this situation, you can do the following:
- Configure mobile accounts and home folder synchronization. See the section 'Understanding Mobile Accounts' for more on this.
- Deselect the option to force the creation of a local home folder, and then use Active Directory tools to assign a network home folder for the Active Directory user account. See the 'Specifying a Network Home Folder' section for details.
Changing the Active Directory Connector Default Settings
The Active Directory connector's default settings might not meet your needs. For instance, you may want to not force local home folders on the startup volume, or you may want to specify Active Directory groups whose members will be considered local administrators when they authenticate locally on your Mac OS X computer. In this section you will learn how to use Directory Utility and the command line to configure some of the advanced options of the Active Directory connector.
Follow these steps to use Directory Utility to access Active Directory Advanced Options:
- Open Directory Utility (in /System/Library/CoreServices). If necessary, click the lock in the lower-left corner and provide credentials for a local administrator.
- In the toolbar, click Services.
- Make sure the Active Directory Service checkbox is selected.
- Select the Active Directory service.
- In the lower-left corner of the Directory Utility window, click the Edit button.
- Click the disclosure triangle next to Show Advanced Options.
Exploring the 'User Experience' Advanced Options Pane
The default pane for Directory Utility's Advanced Options is the User Experience pane.
The first option, 'Create mobile account at login,' is disabled by default. A mobile account caches user credentials locally so they can be used when the computer is not connected to the directory node. See the 'Understanding Mobile Accounts' section for more details about mobile accounts and synchronized home folders.
The 'Force local home directory on startup disk' option is enabled by default. If you enable this option, Mac OS X creates a local home folder in /Users/username when an Active Directory user logs in (unless a local home folder already exists at that location).
Specifying a Network Home Folder
There are at least two possible ways to specify a network home folder for an Active Directory user account:
- If your Active Directory schema has been extended to support Apple objects and attributes, map dsAttrTypeStandard:HomeDirectory to an extended attribute in your user record; then you can use Workgroup Manager to specify the home folder.
- Select the 'Use UNC path from Active Directory to derive network home location' checkbox and use Active Directory tools to populate the Home Folder field for an Active Directory user. The Active Directory connector maps dsAttrTypeStandard:SMBHomeDirectory to Active Directory's dsAttrTypeNative:homeDirectory. You can also specify this option with the -uncpath option of dsconfigad.
You must specify which file-sharing protocol to use: SMB or AFP (Apple Filing Protocol). SMB is the default setting, so it is easy to use Windows file services to host home folders for Active Directory users who log in to a Mac OS X computer.
Mac OS X has had full support for SMB packet signing since Mac OS X v10.5, a security feature (designed to prevent man-in-the-middle attacks) enabled by default on Windows Server 2003 SP1 and later. Many Windows Server administrators require client computers to use this option, which makes it impossible for computers using earlier versions of Mac OS X to access their SMB share points without installing third-party SMB client software.
AFP offers some advantages over SMB as a file service protocol for Mac OS X client computers: It is faster, native to Mac OS X, supports Time Machine and network Spotlight searching, and handles a wider range of filenames in a mixed environment. Unfortunately, Windows servers do not offer AFP by default.
Although Windows Server 2003 and earlier can offer AFP via Services for Macintosh (SFM), the SFM version of AFP is not current. For example, SFM supports only 31 characters in a filename, which causes a problem when Mac OS X uses a long filename, such as ~/Library/Preferences/ByHost/com.apple.iCal.helper.0017f3e00523.plist. SFM is not recommended for Mac OS X network home folders. If you must use your Windows server for network home directories, consider running a third-party AFP file service, such as GroupLogic's ExtremeZ-IP, on your Windows server.
You can use a Mac OS X Server to host network home folders for Active Directory users, whether they log in to Mac OS X computers or Windows computers. You can use Mac OS X Server's AFP service for users who log in to Mac OS X computers, and Mac OS X Server's SMB service for users who log in to Windows computers. Discourage users from simultaneously logging in as the same user on Mac OS X and Windows computers, because editing the same file over two different protocols simultaneously could corrupt the file.
For more information about offering file services from a Mac OS X Server, see Chapter 4, 'Using File Services,' in Apple Training Series: Mac OS X Server Essentials v10.6.
Logging In with a Windows Home Folder
If you use Active Directory tools to define a network home folder (dsAttrTypeNative:SMBHome) for the user, Mac OS X mounts the network volume that contains that Active Directory home folder. Unless you specify otherwise, by default the Active Directory connector creates a local home folder on the startup volume, so Mac OS X mounts the Windows home folder but does not use it as the user's home folder.
The network folder appears in the Dock, but the volume does not appear on the user's desktop by default. The default preference for the Finder in Mac OS X v10.6 is to not display mounted network volumes on the desktop. To change this in the Finder, choose Finder > Preferences and select the checkbox for 'Connected servers.'
When an Active Directory user with a valid Windows home folder (dsAttrTypeStandard:SMBHome) logs in to a Mac OS X computer that does not have the 'Force local home directory on startup disk' option enabled in the User Experience pane of the Active Directory connector, that user's home folder will be on a network server as expected. You may see question marks in the user's Dock, which represent the user's Documents and Downloads folders, which are not created automatically on Windows servers. If the network home folder is hosted on a Mac OS X Server file service, and you configured the Active Directory connector to use SMB rather than AFP, you should create the user's home folder on the Mac OS X server that hosts the home folder before the user logs in for the first time, so that the user has a home folder with the set of standard folders. By default, Mac OS X Server will create a home folder automatically if a user makes an AFP connection, but not an SMB connection.
If you deselect both the 'Force local home directory on startup disk' and 'Use UNC path from Active Directory to derive network home location' checkboxes, and an Active Directory user with no valid home folder defined attempts to log in, that user will not be able to log in at the Mac OS X login window; the login window will shake after an unsuccessful authentication and return to the login window.
Changing User and Group Mappings
By default, the Active Directory connector generates a unique user ID, or UID—dsAttrTypeStandard:UniqueID—for an Active Directory user record based on that user's GUID attribute. The calculated UniqueID is unique across the domain, yet consistent across every Mac OS X computer in the domain. Likewise, the Active Directory connector generates a unique integer for each Active Directory group record as well (dsAttrTypeStandard:PrimaryGroupID).
However, if you have extended your Active Directory schema, or if you have appropriate values populated in the RFC2307 attributes (which are already part of the Active Directory schema in domains hosted by Windows Server 2003R2 and later, but are not populated by default), then you can use the Mappings pane to access these attributes.
Be forewarned that if you change the mappings (after using Active Directory with the default mappings), users may lose access to files that they previously owned or could access.
Unreachable Mac Os Downloads
The Mappings pane, shown in the following figure, allows you to change the mappings for the following standard attributes:
- UID—dsAttrTypeStandard:UniqueID
- User GID—dsAttrTypeStandard:PrimaryGroupID
- Group GID—dsAttrTypeStandard:PrimaryGroupID
If the Active Directory schema is extended with Microsoft's Services for UNIX (SFU), and the attributes contain valid values, you can: Greektown hotel discount codes.
- Map UID to msSFU-30-Uid-Number
- Map both user GID and group GID to msSFU-30-Gid-Number
If the Active Directory schema has RFC2307 attributes that are populated with valid values, you can:
- Map UID to uidNumber
- Map both user GID and group GID to gidNumber
If the Active Directory schema is extended with Apple object classes and attributes, and the attributes are populated, you can:
- Map UID to UniqueID
- Map user GID to PrimaryGroupID
- Map group GID to gidNumber
Exploring the 'Administrative' Advanced Options Pane
The 'Prefer this domain server' option is one of the most misunderstood features of the Active Directory connector. If you select the 'Prefer this domain server' checkbox and specify an Active Directory domain controller, the Active Directory connector will prefer that server if your Mac OS X computer is contained within the same Active Directory site as the specified domain controller.
Use the 'Allow administration by' option to enable any user of the Active Directory groups that you specify to be in the group of local administrators for this Mac OS X computer. This is useful if you create an Active Directory group and populate it with users who should have the authority to administer the Mac OS X computers in your organization.
Restricting Authentication to Specific Domains
When you add Active Directory to your search path, Mac OS X automatically adds the node Active Directory/All Domains to your search path by default. If you want to restrict the authentication search path to use specific domains in your forest only, follow these steps:
- Deselect the option 'Allow authentication from any domain in the forest,' and then click OK to dismiss the Active Directory services pane.
- In the toolbar of Directory Utility, click Search Policy, and then click the Authentication tab.
- Select Active Directory/All Domains, click the Remove (–) button in the lower-left corner of the Directory Utility window, and then click OK at the confirmation dialog.
- Click the Add (+) button in the lower-left corner of the Directory Utility window. Directory Utility displays a list of the domains in your forest. Select the domains you want to enable in your authentication search path, and then click Add.
- Click Apply to activate the change.
Creating the Computer Account in a Custom Location
Unless you specify otherwise, the Active Directory connector creates computer objects in the CN=Computers container with the domain that you join. Depending on the configuration of your domain controller, this may not be correct. For example, some administrators have a special container (CN) or organizational unit (OU) for all Mac OS X computers.
Use the following steps to configure the Active Directory connector to add the computer to the container OU=Macs,DC=pretendco,DC=com. Rather than binding from the Accounts pane of System Preferences, you will bind from Directory Utility's Active Directory services pane, which offers different binding options.
- Open Directory Utility. If necessary, click the lock icon in the lower-left corner and provide credentials for a local administrator.
- In the toolbar, click Services.
- Make sure the Active Directory service checkbox is selected.
- Select the Active Directory service.
- In the lower-left corner of the Directory Utility window, click the Edit button.
If you are not already bound to Active Directory, Directory Utility displays the dialog shown in the following figure. If you are already bound, you must first unbind in order to change the location of your computer account (in this case, simply click Unbind).
- In the Active Directory Domain field, enter the Active Directory domain.
- In the Computer ID field, enter the name of the Active Directory computer object to use for this Mac OS X computer.
- Click Bind.
Directory Utility displays the authentication and Computer OU dialog.
- In the Username field, enter the name of an Active Directory administrator or the name of an Active Directory user who has authority to join a computer to the domain.
- In the Password field, enter the password for the user you specified in step 10.
- In the Computer OU field, replace the default text with the custom container in which to create the computer object for this Mac OS X computer to use. In the following example, the Active Directory administrator created a new OU specifically for Mac OS X computers and named it 'Macs'.
- Click OK to start the bind process, and then click OK to dismiss the Active Directory services pane. Quit Directory Utility.
Binding to Active Directory with dsconfigad
The dsconfigad command is particularly useful for scripting the process of binding to Active Directory, and it offers a way to bind with custom settings in one step. This command has drawbacks, however: It does not enable the connector, nor does it add the Active Directory node to the search paths. You must also use the defaults and dscl commands to accomplish those tasks.
To bind a computer to Active Directory with dsconfigad, collect the following information for the following dsconfigad options:
- -a—Name of Active Directory computer object to use
- -domain—Fully qualified domain name (FQDN) of Active Directory domain to join
- -u—Name of an Active Directory user who is authorized to add this computer to the domain
- -p—The password for the Active Directory user
- -lu—Name of a local administrator
- -lp—The password for the local administrator
The commands listed in the following exercise enable the Active Directory connector, bind to Active Directory, and add the Active Directory node to the authentication and contacts search paths:
- Use the defaults command to modify the settings of the file /Library/Preferences/DirectoryService/DirectoryService.plist:
- Use dsconfigad to bind to Active Directory:
- For the authentication search path, use dscl to add 'Active Directory/All Domains' to the custom search path (CSPSearchPath), and set the authentication search path to use CSPSearchPath:
- For the contacts search path, use dscl to add 'Active Directory/All Domains' to the custom search path (CSPSearchPath), and set the contacts search path to use CSPSearchPath:
- Stop DirectoryService, which automatically starts up again with these new settings:
- Use dscl to confirm that the Active Directory node is in the search paths:
- Use id to confirm that Open Directory knows about an Active Directory user.
In this example, the user aduser1 is an Active Directory user object. The -p option makes the output human readable:
If you issue the id command after binding and the result is no such user, wait a few seconds and then try again.
Using Configuration Options Available Only with dsconfigad
dsconfigad offers much of the same functionality that Directory Utility offers: You can bind, unbind, set configuration options, and show the status of a bind. In addition, dsconfigad offers some functionality that Directory Utility does not offer, such as the following:
- -packetsign —This supports packet signing options for both SMB and LDAP. SMB signing is required by default on Windows Server 2003 SP1 and later. This caused much frustration with earlier versions of Mac OS X. The default is to allow packet signing.
- -packetencrypt —This supports packet encryption options for both SMB and LDAP. The default is to allow packet encryption.
- -namespace —The forest option enables a user to log in even if there is another user account with an identical user name in the forest. Be forewarned that if you specify forest, the Active Directory connector calculates each Active Directory user's local home folder as /Users/DOMAINusername instead of /Users/username. Toggling the namespace setting after Active Directory users have already logged in can cause confusion, as Active Directory users perceive the contents of their home folder to be missing. The default is domain.
- -passinterval —This specifies how often Mac OS X changes the Active Directory computer object password, measured in days. It is common for Active Directory administrators to use Active Directory tools to look for computers that have not recently changed their passwords. The default is for Mac OS X to change its computer object password every 14 days.
Understanding Mobile Accounts
Theia mac os. A mobile account is a local copy of a network user account, with attributes and credentials synchronized at login if the network node is available. A mobile account allows you to log in even when the network directory node is not available. The mobile account concept is not specific to Active Directory, but the Active Directory connector provides an option to enable Mac OS X to create a mobile account when users log in. This enhances the user experience because it caches other information, such as group membership, about Active Directory. Mobile accounts work well when you synchronize the contents of the local home folder with a network home folder, but this is not automatic.
See the section 'Exploring the ‘User Experience' Advanced Options Pane,' earlier in this chapter, for instructions on configuring the Active Directory connector to configure Mac OS X to create mobile accounts. For more information about home folder synchronization, see the section 'Managing Mobile User Accounts,' of Apple Training Series: Mac OS X Server Essentials v10.6, or read Chapter 8, 'Managing Portable Computers,' of Mac OS X Server User Management Version 10.6 Snow Leopard.
Binding to Active Directory and Open Directory
In any circumstance in which a user account is missing some attributes—for example, because you cannot extend the schema, or you do not have authority to edit the attributes you are interested in—you can always try using the Magic Triangle, in which you use an Open Directory node to supplement data available from the primary node. You learned about this configuration in Chapter 3, in the 'Augmenting LDAP Data with Information from an Open Directory Server' section, and it is illustrated in the following figure:
The Magic Triangle configuration lets you apply managed preferences to Open Directory computers and workgroups, and then add Active Directory groups and users to Open Directory workgroups to manage them. See the instructions in Chapter 8, in the section 'Preparing Mac OS X Server for the Magic Triangle Configuration.'
Because the Active Directory connector dynamically generates mount records for network home folders, you do not need to provide an additional directory node or mount object to automount an AFP home folder.
Providing Managed Preferences to Active Directory Users
Using Active Directory Group Policy Objects is the traditional method for managing Windows users, groups, and computers, but Mac OS X is not compatible with Group Policy Objects. If you want to apply managed preferences to Mac OS X users, you could do any of the following:
- Augment Active Directory with an Open Directory server, and then make Active Directory users members of Open Directory groups to which you apply managed preferences. See 'Using Workgroup Manager to Provide Managed Preferences in the Magic Triangle Configuration,' in Chapter 8, for instructions.
- Use third-party software such as Thursby ADmitMac, Centrify DirectControl, Likewise Enterprise, or other similar products.
- Extend your Active Directory schema to handle Apple-specific object classes and attributes, and then use Workgroup Manager to manage preferences for objects in the Active Directory domain. See the white papers listed in the References section and Appendix B, 'Extending Your Active Directory Schema,' available online.
Configuring the Authentication Search Path
If you are connected to multiple directory nodes, and you store managed preferences settings for computers in one node, that is the node that you should configure to be listed before the other nodes in your authentication search path. See Apple knowledge base article TS2528, Mac OS X 10.5: Managed Preferences settings not applied to computer bound to multiple directory services for more information.
Получить AnyDesk для macOSНе требуется электронная почта, регистрация или установка!
Получите доступ и редактируйте данные и настройки на удаленных компьютерах или серверах с помощью приложения удаленного доступа AnyDesk для Mac. Наслаждайтесь бесшовной связью и простой настройкой. Предложите удаленную поддержку вашим клиентам. Вы можете рассчитывать на совместимость и стабильную работу AnyDesk независимо от того, к какой системе вы подключаетесь, Mac, Windows или Linux.
AnyDesk для Mac устанавливается быстро и просто. Наше приложение удаленного доступа имеет все необходимые функции и инструменты, чтобы из любого места обеспечить стабильное, защищенное и сверхбыстрое соединение с удаленными рабочими столами или серверами. Благодаря гибким лицензиям, AnyDesk можно адаптировать специально под ваши индивидуальные задачи.
Стабильный и защищенный — AnyDesk Remote Desktop для OS X
Высокая частота кадров и незаметная задержка AnyDesk клиента для OS X гарантирует стабильную и сверхбыструю скорость передачи. Собственный кодек DeskRT сжимает и передает изображения без потери качества и обеспечивает практически мгновенный отклик. Даже при интенсивной передаче данных программное обеспечение работает бесперебойно благодаря непревзойденной пропускной способности AnyDesk.
Безопасность AnyDesk для Mac OS — превыше всего! Благодаря стандартной банковской технологии шифрования TLS 1.2 и асимметричного обмена ключами RSA 2048 AnyDesk для Mac OS надежно защищает ваши данные. Корпоративную версию нашего приложения можно легко настроить в собственной сети, чтобы данные никогда не покидали вашу DMZ.
Клиент AnyDesk для OS X без проблем работает на любом компьютере Mac с последней операционной системой Apple или более ранними версиями. Мы постоянно добавляем новые функции.
Маленькое, идеально собранное приложение удаленного доступа AnyDesk для Mac быстро загружается и просто устанавливается. Оно не займет много памяти на вашем рабочем столе или сервере. Установите удаленный доступ к макбуку за несколько секунд!
Переключайтесь между стандартным и расширенным режимом одним кликом: AnyDesk поможет вам сократить функции или перейти к расширенным возможностям
Version 6.1.413 апр. 2021 г.
- Added new CLI commands:
Added CLI commands: Set Password, Register Licence, Get Alias, ID, Status or Version. More info by the link https://support.anydesk.com/Command_Line_Interface
1 мар. 2021 г.
- Support for native resolution:
New option to transfer image in native (Retina) resolution. - Bug on multi-monitor systems:
Mouse pointer coordinate transfer issue on multi-monitor system is fixed. - Bug with rendering:
Bug which may cause image rendering glitches is fixed.
27 янв. 2021 г.
- Extended drag'n'drop support:
Address book supports moving and copying items via drag'n'drop. Create desktop shortcuts for AnyDesk sessions via drag'n'drop - New option for handling display resolution:
'Auto-adapt Resolution' option in Display menu is now supported. - Remote screen handling:
AnyDesk doesn't light up the remote screen when only 'File Manager' feature is used. - Privacy feature support:
Privacy feature availability is now properly reported for older macOS versions. - General usage bugs:
Error which prevented some customers from accessing Address Book is fixed. Error which prevented some customers from accessing Address Book is fixed.
12 нояб. 2020 г.
- Support for new macOS:
Added support for new macOS 11 Big Sur. - Support for new hardware:
Added support for new Apple Silicon hardware. - File manager layout bug:
Fixed issue with File Manager UI layut under certain situations. - Fixes:
Fixed couple of small bugs.
7 окт. 2020 г.
- Session recording:
Separated settings for incoming and outgoing automatic session recording. - Security improvement:
Security improved for configurations with AnyDesk service installed. - Remote mouse cursor shape:
Fixed bug when remote mouse cursor has a wrong shape when using specific applications.
22 сент. 2020 г.
- Important - end of support for macOS 10.10 (Yosemite):
Version 6.0.2 is the last to support macOS 10.10 (Yosemite). We strongly recommend upgrading to newer macOS version in order to receive further AnyDesk updates. - Settings improvement:
Improved Settings for Interactive access. - User interface fixes:
Fixed menu actions for File Transfer and VPN sessions. Main window startup position issue fixed. Main window startup position issue fixed. - Screen recording permissions:
Fixed Screen Recording permission detection for Chinese users.
26 авг. 2020 г.
- Improved iOS support:
Support for improved connections to iOS devices. - Speed dial bugfix:
Fixed disabled context menu on Speed Dial items.
6 авг. 2020 г.
- Two-Factor Authentication:
When enabled, an additional dialog will be shown after authentication by password or token, requesting a time-based one-time password provided by a third device. This feature requires an app supporting TOTP. - Wake-on-Lan:
When enabled, devices running AnyDesk that are currently in sleep mode can be woken up by other AnyDesk devices in the same local network. - Speed dial improvement:
Hide individual item groups in Speed Dial. - Keyboard layout:
Fixed bug when keyboard layout does not match to input into Unattended Access password dialog. - Speed dial bugfix:
Fixed issue which prevented renaming of Speed Dial items. - Incorrect online state:
Fixed issue when sleeping mac reported incorrect online state. - Important - support for macOS 10.10 (Yosemite):
We plan to discontinue macOS 10.10 (Yosemite) support soon. We strongly recommend upgrading to newer macOS version.
17 июл. 2020 г.
- VPN connection:
With this mode two PCs can be put into a private network over a secured connection. - Support for 2FA:
Added support for connecting to Two-factor authentication enabled hosts. - TCP tunnel automated action:
Run user script when TCP tunnel is connected. - Installation procedure:
Drag'n'drop to Applications folder installation method is offered by default now (legacy install method is still supported). - New menu option:
Install Anydesk Service menu option added. - Support for macOS Big Sur beta:
Fixed application crash on macOS Big Sur beta. - Fixes:
Fixed couple of small bugs.
15 июн. 2020 г.
- Bugfix:
Fixed software update notification.
10 июн. 2020 г.
- Address Book view mode:
Thumbnail view mode has been added to Address Book. - Split Full Screen experience:
Split Full Screen experience enabled for Connection Window and Address Book. - Automatic startup:
Option to disable automatic startup of AnyDesk has been added. - Compatibility with mobile devices:
Keyboard input from mobile devices improved. - Connection type icon:
Connection type icon is now displayed correctly. - Fixes:
Fixed couple of small bugs.
7 мая 2020 г.
- Access Control List:
New feature Access Control List (or white list for incoming connections) is now available. - Multiple sessions:
Added support for multiple session windows. - Address Book:
Address Book improved for better usability. - Privacy permissions:
Improved macOS privacy permissions handling. - Compatibility:
Improved compatibility with 3rd party software. - Fixes:
Fixed couple of small bugs.
21 апр. 2020 г.
- Crash bugfix:
Fixed a crash when user account picture is not set.
17 апр. 2020 г.
- TCP Tunnels:
New TCP Tunneling (or Port-Forwrding) feature added. - Address Book new design:
Address Book has been completely redesigned for easier usage. - Start/Stop of session recording:
It is now possible to start/stop recording during the active session. - New information windows:
Added new System Information window and redesigned the About window. - Discovery feature security:
Significantly improved security of Discovery feature. - Accept window security:
Significantly improved security of Accept window. - Power usage improvement:
Optimised power usage for mac laptops. - Improved mouse scrolling:
Mouse scroll sensitivity adjusted. - Remote restart:
Fixed remote restart issue on some configurations. - UI bug fixes:
Fixed Password change UI for unattended access. Fixed Proxy configuration settings UI.
2 апр. 2020 г.
- Error handling:
Improved error handling. - Privacy permissions:
Better macOS privacy permissions handling.
7 февр. 2020 г.
- Enhanced usability:
Host key option allows users to use Right Command key to control the local macOS while connected to remote device. - Improved compatibility with Android devices:
Added support for Home and Back buttons when connected to Android device. - Installer improvement:
Reduced number of user password requests in AnyDesk installer. - AnyDesk remote update:
Fixed issue when user is not able to reconnect after updating AnyDesk remotely. - Custom Client on Yosemite:
Fixed crash on macOS 10.10 Yosemite related to custom AnyDesk configurations. - Fixes:
Fixed couple of small bugs.
14 янв. 2020 г.
- File manager:
File Manager upload function fixed. - Reconnect after AnyDesk update:
Fixed issue when user unable to reconnect after installing AnyDesk update. - Connection retry attempt:
Fixed crash on multiple connection retry attempt. - Keyboard input:
Improved keyboard input handling. - Fixes:
Fixed couple of small bugs.
11 дек. 2019 г.
- Accept window minimize:
It is now possible to minimize the Accept window into the Dock. - Installation process:
Installation process has been improved. - Recent sessions list:
Fixed display of client name in recent sessions list. - Remove displays:
Fixed indicator of remote displays. - Chat:
Fixed crash on incoming chat message. - Fixes:
Fixed couple of small bugs.
4 дек. 2019 г.
- New Privacy feature:
Enabling privacy mode during a session will turn off the monitor on the remote side so the screen content is hidden. - Blocking user input:
Mouse and keyboard input can now blocked for the computer being controlled. - Automatic screen lock:
New option to automatically lock remote screen when session ended. - Fixes:
Fixed couple of small bugs.
18 нояб. 2019 г.
- Fixes:
Fixed couple of small bugs.
5 нояб. 2019 г.
- Fixes:
Fixed couple of small bugs.
21 окт. 2019 г.
- New features:
Incoming connections are now displayed in the AnyDesk Dock icon - Bugfix:
Fixed issue when user is unable to reconnect to macOS Catalina and Mojave after remote restart. - Fixes:
Fixed couple of small bugs.
10 окт. 2019 г.
- Fixes:
Fixed update function in new version notification and minor bugfixes.
8 окт. 2019 г.
- Fixes:
Fixed crash on macOS 10.15 Catalina for remove keyboard input.
8 окт. 2019 г.
- New features:
Added Discovery feature and better support for macOS 10.15 Catalina - Fixes:
Minor bugfixes
https://softwarelean.mystrikingly.com/blog/mairo-maker-canceled-mac-os. 6 июн. 2019 г.
- Redesign:
New user interface design. - Fixes:
Minor bugfixes.
12 окт. 2018 г.
- File manager:
File Manager now available on macOS. - Screenshots:
Screenshots are now stored to the Desktop. - Speed Dial items:
Solved loss of Speed Dial items issue.
13 июл. 2018 г.
- Enhanced Usability:
Implemented custom context menu for AnyDesk ID (claim alias, show alias/show id, copy address). - Claim Alias now available:
Implemented claim alias feature for macOS, users can now choose an alias. - Keyboard Usability:
During a session, the hotkeys of macOS are disabled locally so they can be transmitted to the remote side. - Incoming file manager session refreshes:
Folder content was not refreshed on the remote side on copying files. The file manager view now refreshes automatically. - Compatibility for file manager session:
Incoming file transfer sessions did not allow to change directory to folders containing a space character. - Usability:
Select and Copy using Command+C now works on the AnyDesk ID. - Keep session alive:
AnyDesk now prevents macOS from going to sleep mode when there is an active session. - Request elevation improved:
Fixed an issue in the request elevation feature.
14 июн. Free online slots to play. 2018 г.
- Fixed Bug:
In some cases, the installation did not work at the first attempt. This should now always succeed on the first entry of the admin password. - Fixed Bug:
The clipoard did not work when connecting to macOS. The clipboard should now work in any case, including clipboard file transfer. Please click the file button at the top of the AnyDesk window in order to receive files from the clipboard on macOS. - Fixed Bug:
Improved stability. - Fixed Bug:
Removed the warning that the file is downloaded from the internet.
11 апр. 2018 г.
- Address Book:
The macOS version now supports your license's shared address books. - Session recording and playback:
Implemented recording and playback of sessions. - Connect to the login screen:
The macOS version also runs as a service and supports connections to the login screen, full unattended access, and user switching.
The british isles - vikings 793 ad mac os. Загружая и используя AnyDesk, вы принимаете наше лицензионное соглашение и наше заявление о конфиденциальности.
14 июн. Free online slots to play. 2018 г.
- Fixed Bug:
In some cases, the installation did not work at the first attempt. This should now always succeed on the first entry of the admin password. - Fixed Bug:
The clipoard did not work when connecting to macOS. The clipboard should now work in any case, including clipboard file transfer. Please click the file button at the top of the AnyDesk window in order to receive files from the clipboard on macOS. - Fixed Bug:
Improved stability. - Fixed Bug:
Removed the warning that the file is downloaded from the internet.
11 апр. 2018 г.
- Address Book:
The macOS version now supports your license's shared address books. - Session recording and playback:
Implemented recording and playback of sessions. - Connect to the login screen:
The macOS version also runs as a service and supports connections to the login screen, full unattended access, and user switching.
The british isles - vikings 793 ad mac os. Загружая и используя AnyDesk, вы принимаете наше лицензионное соглашение и наше заявление о конфиденциальности.
Обратите внимание наш опрос, чтобы помочь нам сделать AnyDesk еще лучше!
Если загрузка не запускается автоматически, нажмите кнопку «Загрузить» ниже.