Apple Server Admin Tools 10.7.5 - Remote administration tools. Download the latest versions of the best Mac apps at safe and trusted MacUpdate Download, install, or update Apple Server Admin Tools for Mac from MacUpdate. I tried to MS RDP tool for MAC for all of 30Sec then uninstalled it. Like Alaerus I love the Server Manager on Win8. It to is the only reason I switch from Win7 to Win8 on my VM. Admin Tool VPN is a power tool developed by and intended for system administrators who require greater control of VPN settings on OS X Server.
If you can't remember your Mac's administrator account password, you aren't able to log in to your account or perform various tasks that require an administrator password. You can reset a user account password, including any administrator account, using one of the following methods.
Admin Tool For Machine
Make sure the Caps Lock key isn't active when you type in your password. That or any change in capitalization renders your case-sensitive password unacceptable.
Use an Existing Administrator Account to Reset Another Administrator Account
Resetting an administrator account isn't difficult, as long as you have a second administrator account to use. It's a good idea to have a second administrator account set up for troubleshooting various issues, including forgetting a password.
Of course, that only works if you haven't also forgotten the password for the other administrator account. If you don't remember that password either, try one of the other methods outlined below.
Log in to a second administrator account.
Launch System Preferences, and select the Users& Groups preference pane.
Click the lock icon in the bottom left corner of the preference pane and enter your administrator password.
In the left-hand pane, select the administrator account whose password needs to be reset.
Click the Reset Password button in the right pane.
In the screen that drops down, enter a new password for the account, verify it, and provide an optional password hint, if desired.
Click Change Password .
Resetting the password this way creates a new keychain file for the user account. If you want to use the old keychain file, see the instructions below.
Using Your Apple ID to Reset an Administrator Account
One of the features introduced with OS X Lion is the ability to use your Apple ID to reset your administrator account on your Mac. You can use this feature to reset the password for any user account type, including a standard account, managed account, or sharing account.
To use your Apple ID to reset an account's password, the Apple ID must be associated with that account. You would have associated your Apple ID with your user account either when you initially set up your Mac or when you added user accounts.
The Allow user to reset password using Apple ID must be checked in System Preferences > Users & Groups for this method to work.
Enter your password incorrectly three times at the login screen. You'll see a message that displays your password hint if you set one up, and the option to reset your password using your Apple ID. Click the small right-facing button next to the …reset it using your Apple ID text.
Enter your Apple ID and password and then click the Reset Password button.
A warning message will display, telling you that resetting the password will cause a new keychain file to be created. Your keychain holds frequently used passwords, so creating a new keychain usually means you'll have to resupply passwords for some services you use, including email accounts and some websites you've set up for automatic login. Click the OK button to reset the password.
Enter the new password along with a password hint and click Reset Password.
You'll be asked to restart when you are done.
Reset Your Administrator Password Using the Recovery HD Partition
Apple includes a Recovery HD partition on newer Macs. It contains a Reset Password option.
Restart the Mac while holding down the Command+R keyboard combination to enter the macOS Recovery partition. Release the keys when you see the Apple logo on the screen.
Select Utilities > Terminal to open a Terminal window.
Type resetpassword and press Return to open the Reset Password screen.
Select I forgot my password from the available options.
Enter the password for the account's Apple ID.
Apple sends an authentication code to another Apple device registered to the same Apple ID. If you don't own another Apple device, you can opt to receive the code by phone or SMS text. Enter the code in the field provided.
Enter the new password and, optionally, a password hint.
Restart the Mac.
Your administrator password has been reset.
First Login With New Password
When you first log in after changing your administrator password, you are greeted with a dialog box telling you that the system wasn't able to unlock your login keychain.
- There are three ways to continue. If you happen to remember the old login password, you can click the Update Keychain Password button. It's unlikely that you'll suddenly remember the password, so you probably need to use one of the other two options.
- The second option is to create a new keychain that uses your new password. This option creates a nearly empty keychain file that is accessed using your new password. This option resets your keychain, so you'll need to supply passwords for various services, such as Mail and websites that require usernames and passwords. Click the Create New Keychain button.
- The last option is not to do anything with the keychain system. You can finish the login process by clicking the Continue Log In button, which takes you to the Desktop. This is a temporary solution; the next time you log in, you'll be presented with the same keychain dialog box.
It may seem like a huge problem that your original login keychain is locked to the original password, and you find yourself forced to not only create a new keychain but also to resupply all those account IDs and passwords that you've built up over time with your Mac.
Having the login keychain locked from access is a good security measure. You wouldn’t want someone to sit down at your Mac and use one of the methods outlined here to reset your administrator account. If resetting the administrator account also reset the keychain files, then anyone could gain access to the login information you use with many services, including banking, credit cards, investments, and all the other websites on which you have accounts. They could also start sending and receive messages using your email account or use Messages to impersonate you.
It may seem like a major hassle to have to recreate all of your old login information, but it sure beats the alternative.
Avoiding the Keychain Login Issue
One thing you can do is use a secure third-party password service as a place to store your login information for various services. This isn't a replacement for Mac’s keychain but a secure storehouse for you to keep the information safe, one which you can access using a different, and hopefully not forgotten, password.
1Password is good, but there are many others to choose from, including LastPass, Dashlane, and mSecure. If you want to find more password management options, open the Mac App Store and search for the word password. If any of the apps look interesting, check the manufacturer's website. Many times they include demos that aren't available from inside the Mac App Store.
Editor’s Note: This story is reprinted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.
Centrify’s Direct Control for Mac is a complete solution for Active Directory environments in which you have to support Mac clients and need secure access to Mac OS X system components or must manage the user environment.
Direct Control allows you to join Mac OS X computers, as well as other versions of Unix/Linux, to Active Directory. You can organize them and delegate administration via organizational units known as zones. And you can manage them using a series of group policies specifically designed to work with Apple’s managed preferences model.
Overview
Direct Control for Mac fulfills a common need. Although Macs typically make up a small fraction of the total number of PCs in a corporate network, they often still need access to the resources of that network. And they still need to be controlled and secured according to company policies and government regulations.
Apple does include some Active Directory support in Mac OS X. But that support is limited to letting users log into a Mac workstation using an Active Directory account. It provides very little support for securing local resources—although, by default, it doesn’t grant Active Directory users local administrator access, so there is some safeguard. But it provides no support for configuring a managed user environment.
Another major limitation is that Apple’s Active Directory solution uses LDAP rather than Microsoft’s ADSI protocol when authenticating users, and it doesn’t support signed LDAP communication. This means that you must lower the domain security policy for Windows 2003 Server to support Mac clients, which can expose an Active Directory domain to increased risk of network attacks.
Direct Control for Mac offers full support for signed communication with Active Directory, although it does rely on Apple’s variation of Samba to provide access to file shares and print queue, and this version of Samba doesn’t support signed communication. Also, Directory Access uses the ADSI protocol. Further, Direct Control extends Active Directory’s smart-card authentication support to work seamlessly with Mac OS X.
More important, Direct Control offers several server-side components that allow you to fully support Mac users by assigning the user ID (UID) and group ID (GID) attributes that Mac OS X relies upon for user identification and file permissions.
While all the above features make Direct Control for Mac a tempting solution, the fact that it includes a range for group policies that can be used to secure and manage the Mac OS X environment is what makes it an excellent solution.
Direct Control for Mac uses group policies that integrate with the client-side components of Apple’s managed preference environment. The icing on the cake for Windows administrators is that Direct Control integrates well with Active Directory; managing Mac workstations has the same familiar feel as managing Windows PCs.
Installation and configuration
Installing Direct Control and its Mac system agent is extremely simple and straightforward. On the server side, once you’ve run the installer, you need to open the Centrify management console and configure the appropriate Direct Control organization tools. After that, you can add a Centrify snap-in to any Microsoft Management Console for easy management. Then you’ll need to use either the Group Policy Management Console or Group Policy Object Editor to add the appropriate administrative templates to a new or existing group policy object.
On the client side, you’ll need to install the Mac system agent. Again, this is a simple installer that can be run either as a Mac OS X installer package or a command-line shell script. The system agent includes a series of command-line tools and a plug-in for Apple’s Directory Access utility. You can join the Mac to a domain using either the command-line tool or the Directory Access utility.
The process is simple and similar to that of joining a Windows PC to a domain. Overall, the installation process on both client and server side is very painless, even if you’re not used to working with Macs.
In the zone
Direct Control introduces a type of organizational tool called zones. They’re used to apply necessary attributes to user accounts for Mac OS X (as well as other Unix versions) without making major schema changes to Active Directory. Each Mac user must be assigned to a zone but can be a member of more than one zone. Each Mac client must be a member of one, and only one, zone.
When configuring a zone, you specify UID attributes for users of that zone by entering a starting UID; each user added to the zone will receive the next-highest UID. You also specify which Active Directory group will be used as the primary group attribute for users as well as the associated GID attribute.
Zones also define the location of the home directory for users and which Unix shells will be available to them. You can delegate authority over certain zones if you want to split the administrative workload of managing them. You use the Centrify management console to create and manage zones, but you assign users to a zone by using the Centrify Profile tab that is added to the user's property window.
Zones allow you to group similar workstations and/or users for management purposes. They also make it possible to support situations where users may need conflicting settings depending on which computers they are using or if you want to limit which Macs users have access to. Zones can also be helpful as you migrate to Direct Control from other Active Directory solutions or even from using local workstation accounts. You can also generate reports about computer use for each zone, making them even more useful.
Zones are a powerful tool in Direct Control, and they also serve as an elegant solution for providing attributes that are needed by Mac OS X. However, when you first begin using Direct Control, the concept of zones and how to use them can seem a little confusing. Although zones affect some access to Macs and their configuration, they don't directly relate to setting group policies for Macs. This is definitely one section of Direct Control's documentation that you don't want to skip over.
While we’re on the topic, I should add that Centrify’s documentation is extremely thorough, and the answers to almost any possible question can be found in it. However, the current documentation places the majority of Mac-specific information in a separate document from the Direct Control guides, which can make it difficult to find answers. Centrify says it will provide a more streamlined set of user guides with the next major release.
Setting group policies for Mac OS X
Setting group policies for Macs using Direct Control is exactly the same as setting any other group policy. You create and link group policy objects to specific organizational units just as you would in any other situation. With the administrative template added to a group policy object, you can simply drill down to the settings that you want and configure them. Centrify includes detailed explanations of what each policy does and how to use it directly in the management console display.
Centrify’s initial Mac group policies, which are those included with the current release, are limited to features used for securing Mac OS X. These policies include requiring the use of a screen saver and enforcing the use of a password to exit the screen saver or to wake the computer from sleep; controlling the Mac OS X log-in window and fast user switching; limiting access to various network sharing services such as file and printer sharing; configuring Apple’s Software Update engine and the Energy Saver system preferences; and limiting access to System Preferences panes.
Centrify says it initially focused on group policies designed to secure Mac OS X because that is the most immediate need for many organizations. However, in an upcoming release, the vendor plans to offer a much broader set of group policies that mirror virtually all the Mac OS X Server preferences management functions. These include support for such things as configuring a custom Mac OS X user environment, setting mobile computer file-synchronization options and automatically opening applications or files at log-in.
Having had the opportunity to work with both the existing set of group policies and to see a preview version of the upcoming expanded set, I was amazed at Centrify’s success. The experience of managing Macs was exactly the same as managing Windows computers using group policies. Any experienced Active Directory administrators, even those who have no Mac support experience, will feel completely at home. Any experienced Mac administrator will also notice that Centrify has managed to mirror the preference management component of Mac OS X Server’s Workgroup Manager.
Overall impressions
Having worked with various methods of supporting Macs in a Windows Server environment for years and having worked with Mac OS X Server’s preferences management features, I had very high expectations for Direct Control for Mac. The product either met or exceeded my expectations, and I would highly recommend it to any company that’s running Active Directory and needs to support a handful of Macs. There are, however, a couple of points that administrators considering Direct Control should keep in mind.
Mac Admin Software
First, it doesn’t provide support for signed communications when browsing or allow access to Windows shares or print queues. This means that you will either need to configure your domain’s security policy to allow unsigned communications for these purposes or invest in a third-party solution, such as Thursby’s DAVE. This product adds more advanced support for the Windows server message block protocol to Mac OS X, including support for signed SMB.
Alternatively, there are server-side solutions such as Group Logic’s ExtremezIP, which allows the use of Mac OS X’s Apple Filing Protocol under Windows server with secure communication.
Second, Direct Control could be used by any experienced Active Directory administrator, regardless of Mac experience. However, I would suggest that if you are considering this solution, you will probably have more success if you have at least a passing familiarity with Mac OS X and basic Mac troubleshooting and networking concepts. That said, it is a solution that you will be able understand and use with very little learning curve.
[ Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. In addition to writing for Computerworld , he is a frequent contributor to InformIT.com. Ryan was also the co-author of O’Reilly’s Essential Mac OS X Panther Server Administration . ]
This story, 'Mac administration in a Windows world' was originally published by Computerworld.