White Paper
Integrating Mac Systems into a Medical IT Infrastructure
Conclusion: Mac OS X integrates into an existing Microsoft Active Directory without requiring changes to the AD structure, but third-party plug-ins are needed to reach Exchange calendar functions from the Mac client. AD users can log in to a Mac client and access network resources such as file servers and printers. The hospital's Microsoft Exchange based email architecture integrates directly with the Apple Mail application, and LDAP-hosted contact data can be accessed from the Apple Address Book. Third-party software packages, including Snerdware's Groupcal and e2Sync Software's e2-Exchange, allow Mac access to Exchange calendar functions, but we did not test these solutions.
Controlling User Access to Devices
For Windows clients, the hospital relies on Sanctuary Device Control software to control device access permissions for all users. This tool is preinstalled by the central IT department and applies user-specific permission sets at login.
On the Mac OS X side, the Server Admin tools [15] include Workgroup Manager, a powerful package for managing users, groups, and their rights. Although it is mostly used to administer a Mac OS X Server locally or remotely, it can also be installed on a client version of Mac OS X to apply more granular control of user rights. For instance, administrators can grant or restrict read and write access to removable media and network locations (for example, blocking USB sticks and external USB or FireWire hard disks). They can also control access to applications, CD and DVD burning permissions, and even the appearance of the user interface. (See Figure 2.)
Yet these detailed device and application access rules cannot be applied directly to "managed users" of an Active Directory through the current version of the Workgroup Manager application, at least not without changing the Active Directory schema. A suitable solution is to set up a Mac OS X Server system as an Open Directory server and to activate Active Directory authentication support on that server. [16] Apple's Open Directory [17] architecture is designed to integrate with standards-based LDAP directory services and with proprietary services such as Microsoft Active Directory. Via Open Directory, administrators can add Active Directory user groups to Open Directory groups, and Mac-specific policies can then be applied to those Open Directory groups with Workgroup Manager. This arrangement also allows Mac OS X client systems to be bound to the Active Directory and the Open Directory at the same time: the AD supplies authentication, the OD supplies the access rules, and both are applied transparently at login.
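The dual binding described above, as an added example that is not part of the white paper: a script that binds a Mac OS X client to both the hospital's Active Directory and an Open Directory master, sets the directory search policy, and verifies the result. The domain, OU, server, group and account names are placeholders, and the ordering of the search nodes (local, then the OD node that carries the Workgroup Manager policies, then the AD node that authenticates users) is an assumption about how the hospital would lay out its policy. The live commands (dsconfigad, dsconfigldap, dscl, mcxquery) run only on Mac OS X and only when the script is invoked with --apply; the search-policy check is plain text handling so it can be exercised anywhere.

```shell
#!/bin/sh
# Added example, not part of the white paper: bind a Mac OS X client to both
# the hospital's Active Directory and an Open Directory server, set the
# directory search policy, and verify the result. Domain, OU, server and
# group names are placeholders (assumptions). The live commands only run on
# Mac OS X when invoked with --apply; search_policy_ok is pure text handling.

AD_DOMAIN="hospital.example"                            # assumed AD domain
AD_OU="OU=Macs,OU=Workstations,DC=hospital,DC=example"  # assumed container for Mac computer objects
OD_SERVER="od.hospital.example"                          # assumed Open Directory master
COMPUTER_ID="$(hostname -s 2>/dev/null || echo mac-client)"

# Directory nodes in the order they should be searched: local accounts first,
# then the Open Directory node that carries the Mac-specific managed
# preferences, then the AD node that authenticates the hospital's users.
OD_NODE="/LDAPv3/$OD_SERVER"
AD_NODE="/Active Directory/All Domains"

# Given the text printed by `dscl /Search -read / CSPSearchPath`, succeed only
# if both nodes are present and the OD node is listed before the AD node.
search_policy_ok() {
    policy="$1"
    od_line=$(printf '%s\n' "$policy" | grep -n -F "$OD_NODE" | head -n 1 | cut -d: -f1)
    ad_line=$(printf '%s\n' "$policy" | grep -n -F "$AD_NODE" | head -n 1 | cut -d: -f1)
    [ -n "$od_line" ] && [ -n "$ad_line" ] && [ "$od_line" -lt "$ad_line" ]
}

bind_client() {
    # Join AD: create the computer object in AD_OU, enable mobile accounts so
    # clinicians can still log in when no domain controller is reachable, and
    # give the (assumed) desktop-support group local admin rights on the Mac.
    sudo dsconfigad -a "$COMPUTER_ID" -domain "$AD_DOMAIN" -ou "$AD_OU" \
        -u "$AD_JOIN_USER" -p "$AD_JOIN_PASS" \
        -mobile enable -alldomains enable -groups "HOSPITAL\\Mac Admins"
    # Bind to the Open Directory master over SSL so the client can read the
    # OD groups (and their Workgroup Manager policies) that wrap the AD groups.
    sudo dsconfigldap -s -a "$OD_SERVER" -n "$OD_SERVER" -c "$COMPUTER_ID"
    # Custom search policy in the order search_policy_ok expects.
    sudo dscl /Search -create / SearchPolicy CSPSearchPath
    sudo dscl /Search -create / CSPSearchPath /Local/Default "$OD_NODE" "$AD_NODE"
}

verify_binding() {
    if search_policy_ok "$(dscl /Search -read / CSPSearchPath)"; then
        echo "search policy: OK"
    else
        echo "search policy: wrong order or missing node" >&2
        return 1
    fi
    # An AD account must resolve through the AD node, and mcxquery must show
    # the managed preferences it inherits from the OD group containing its AD group.
    id "$TEST_USER" && mcxquery -user "$TEST_USER"
}

if [ "$(uname)" = Darwin ] && [ "${1:-}" = "--apply" ]; then
    : "${AD_JOIN_USER:?export AD_JOIN_USER}" "${AD_JOIN_PASS:?export AD_JOIN_PASS}" "${TEST_USER:?export TEST_USER}"
    bind_client
    verify_binding
fi
```

Run it once per client with the join credentials exported in the environment rather than typed on the command line, so they do not land in the shell history. If mcxquery shows no managed preferences for the test user even though the search policy is right, the AD group has usually not been nested in the OD group yet.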
Controlling Systemwide Access to Devices
By default, a Mac system can be started in Target Disk Mode. The system then behaves like a FireWire disk, and its hard drives can be read and written from a second computer over a FireWire connection. Mac OS X can also be started in Single-User Mode or Verbose Mode for troubleshooting. Although these modes are useful for administration and backup, they represent a security hazard in a medical environment: anyone with physical access to the machine can reach the data on the disk, or a root shell, without a user password. To prevent this, the Apple Firmware Password Utility lets administrators set a password in the system's firmware. (See Figure 3.) Users must then provide the correct password before booting into the special modes mentioned above, or from external or optical devices or network resources.
To further protect medical data, it is important to remember that a device that is not present cannot be hacked. All unused hardware should therefore be physically disabled. This includes detaching additional storage devices and removing Bluetooth and WLAN adapters if they are not in use. At the very least, unwanted interfaces should be disabled in the corresponding preference pane of the system. To prevent physical access to the built-in hardware, the Mac Pro system features a case-locking mechanism. This secures the internal hard drives and prevents their unauthorized removal, which matters because a firmware password only restricts how the machine boots and does nothing for a drive that has been removed and mounted in another computer.
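An audit for the boot-path and interface hardening described in this section, added here as an example that is not part of the white paper: each check is split into a parser over a tool's text output (so it can be exercised offline against the constructed samples in the script) and a live wrapper that runs only on Mac OS X. The command names and output formats are assumptions based on Mac OS X 10.4/10.5 (nvram -p listing security-mode, networksetup -getairportpower, and the ControllerPowerState key in com.apple.Bluetooth); later releases replaced the firmware check with firmwarepasswd(8). The sample outputs are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not part of the white paper: audit a Mac OS X client for the
# boot-path and interface hardening this section recommends. Parsers take a
# tool's text output, so they run offline against the constructed samples
# below; live_audit only runs on Mac OS X. Command names and output formats
# are assumptions based on Mac OS X 10.4/10.5 (nvram, networksetup, defaults).

# `nvram -p` prints one "name<TAB>value" per line. The firmware security-mode
# is "none" (no password), "command" (password needed for Target Disk Mode,
# single-user/verbose boot and alternate boot devices) or "full".
firmware_mode() {
    printf '%s\n' "$1" | awk -F'\t' '$1 == "security-mode" { m = $2 } END { print (m == "" ? "none" : m) }'
}

# `networksetup -getairportpower` prints "AirPort power: On" or "... Off";
# on a Mac without AirPort it prints an error, which yields "" (absent).
airport_state() {
    printf '%s\n' "$1" | awk -F': *' 'tolower($1) ~ /airport power/ { print tolower($2) }'
}

# `defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState`
# prints 1 when the Bluetooth controller is powered on, 0 when it is off.
bluetooth_state() {
    case "$(printf '%s' "$1" | tr -d '[:space:]')" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# Print one PASS/FAIL line per check and a final "findings: N" line.
evaluate() {
    mode="$1"; airport="$2"; bluetooth="$3"; findings=0
    case "$mode" in
        command|full)
            echo "PASS firmware password set (security-mode=$mode)" ;;
        *)
            echo "FAIL no firmware password: Target Disk Mode, single-user mode and external boot are open to anyone at the machine"
            findings=$((findings + 1)) ;;
    esac
    case "$airport" in
        on)  echo "FAIL AirPort is powered on; turn it off or remove the card if WLAN is not needed"
             findings=$((findings + 1)) ;;
        off) echo "PASS AirPort is powered off" ;;
        *)   echo "PASS no AirPort interface present" ;;
    esac
    case "$bluetooth" in
        on)  echo "FAIL Bluetooth controller is powered on"
             findings=$((findings + 1)) ;;
        *)   echo "PASS Bluetooth controller is off or absent" ;;
    esac
    echo "findings: $findings"
}

# Run the real tools; each falls back to empty output where the tool is missing.
live_audit() {
    nv=$(nvram -p 2>/dev/null || true)
    ap=$(networksetup -getairportpower 2>/dev/null || true)
    bt=$(defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState 2>/dev/null || true)
    evaluate "$(firmware_mode "$nv")" "$(airport_state "$ap")" "$(bluetooth_state "$bt")"
}

# Constructed sample output (not captured from a real machine) for offline use:
# an unhardened client with no firmware password and both radios on.
SAMPLE_NVRAM="$(printf 'boot-args\t\nsecurity-mode\tnone\n')"
SAMPLE_AIRPORT="AirPort power: On"
SAMPLE_BLUETOOTH="1"

if [ "$(uname)" = Darwin ]; then
    live_audit
else
    evaluate "$(firmware_mode "$SAMPLE_NVRAM")" "$(airport_state "$SAMPLE_AIRPORT")" "$(bluetooth_state "$SAMPLE_BLUETOOTH")"
fi
```

On a client, run it as root so nvram can read the firmware variables; a Mac Pro without an AirPort card is reported as having no WLAN interface rather than as a finding. The three parsers are deliberately separate from evaluate so the same policy can be applied to output collected from many machines by a remote management tool.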
Figure 2: Mac OS X Workgroup Manager allows administrators to control user access to features such as applications (top) and storage media (bottom).
Figure 3: Administrators can use the Apple Firmware Password Utility to prevent unauthorized users from booting Mac workstations from external or optical devices or network resources.