Macs in a Windows world
We IT professionals are seeing more and more Apple Mac computers on our comfortably Windows-based networks. In the past, it’s been easy to ignore them – after all, in many cases they belonged to just one or two users, none of whom tended to be an influential manager or executive. But today it’s just as likely to be the boss with a new Mac.
The good news is that modern Mac computers aren’t necessarily harder for us to support and maintain, and modern networks can cope with diverse systems more easily.
Talking to the network
In the distant past, Macs relied primarily on proprietary networking protocols like the notoriously chatty AppleTalk. Today, AppleTalk is disabled by default, and the Unix-based OS X uses familiar TCP/IP networking by default. The OS X Network preferences are essentially the same as Windows’ Network Control Panel. Macs use DHCP by default, typically have built-in 802.11a/b/g/n wireless, can be configured to use static IP addresses, and automatically enable IPv6 – just like Windows Vista.
What may seem to be missing are the familiar command-line network troubleshooting tools such as Nslookup, Ping, Tracert, and so forth; in fact, as it’s a Unix-based operating system they’re all present. You simply need to open the Utilities folder in Finder (OS X’s equivalent of Windows Explorer) and launch Terminal, the Mac’s command-line prompt. Some administrators prefer using the GUI-based network tools. In Finder, press Command-Shift-U to open the Utilities folder and double-click Network Utility. This provides quick access to the major troubleshooting tools for your network.
One important thing to know about OS X is that it automatically enables a networking protocol called Bonjour, which runs over TCP/IP. Similar in nature to NetBIOS and UPnP, Bonjour is a broadcast-based protocol designed to make printing, file sharing and related tasks easier on home or small networks – the Mac’s primary audience. It’s less useful on corporate networks and can be a source of unwanted broadcast traffic; to disable it you’ll need to run a command from the Mac’s Terminal window:
If you ever need to re-enable it, run:
Note that Bonjour is used for a number of the Mac’s cooler features, such as remote speaker sharing in iTunes; disabling it will of course disable these features. On a Mac notebook that’s used in the office and in the user’s home, that might be a problem, so be sure and discuss it with your users before disabling Bonjour.
Authenticating to Active Directory
These days, every Mac includes built-in support for Active Directory authentication. Macs can mount home directories based on information in AD, authenticate users and computers to AD and even discover domain controllers just like Windows does. The OS X Directory Utility doesn’t enable AD support by default, but once enabled, you simply supply the domain name and other basic information and you’re done. For more comprehensive AD support, including the ability to manage many Mac configurations settings via Group Policy, you’ll need to investigate a third-party solution such as DirectControl from Centrify (www.centrify.com).
Support for Active Directory authentication is built in to OS X; configure it in the Directory Utility application.
-- click image to enlarge --
The Network Utility provides a graphical user interface for the most common network troubleshooting tools.
-- click image to enlarge --
Macs have no problem sharing files with Windows users via Server Message Blocks (SMB). The Mac Sharing Preferences can be adjusted to enable or disable file sharing as well as other sharing services; the same Preferences pane is used to determine what folders are shared, rather than individually sharing folders via the file-browsing application, as you would do in Windows. You’ll notice that the Mac uses a simpler system of permissions than Windows – another part of the Mac’s Unix heritage. Groups can be given Read, Read and Write, or Write privileges, and that’s it; the Write-only privilege allows you to create a “drop box” where other network users can leave files for the Mac’s user, but not modify anything once it has been copied over to the Mac.
Accessing Windows-based shared folders is even easier: In Finder, press Command-K (I use the mnemonic “Konnect” to remember it; you could also select Connect to Server from the Go menu). In the dialog box that appears, type
using the appropriate server and shared folder names. The Mac will ‘mount’ the shared folder as a volume, making it appear much like a mapped drive does in Windows.