How to work with Macintosh computers in Windows Network?

Question

I am lost, we were a totally windows network, and recently, we have joined with 3 MacBooks.

I have no clue as to what they run, if they have an Anti Virus installed (I heard all about the: Mac's don't have viruses)

some of them (2) even connect to my network using the wifi of the 3rd one, which doesn't even give them our intranet IP.

What should the procedure of having Mac's in a windows network? I know I can't have an admin account on them. Should I give them a seperate subnet? Any tool like spiceworks that I can see their configurations? installed apps? running services?

thanks.

You sound like the guy trying to get us to run Sophos on our (isolated) Ubuntu Server box. — tomfanning, Mar 06 '12 at 08:15
Not far from the truth - :-) I just don't like you been isolated :-) — Saariko, Mar 06 '12 at 08:20

score 3 · Answer 1 · edited Mar 17 '17 at 13:14

Mac's do not have viruses is a load of bull. They are equally susceptible for viruses as a Windows computer. The only reason there weren't a lot of viruses around was because they went undetected or because of the small marketshare of Mac devices. This has changed! Also check security stackexchange

If they use their own NAT by using the WiFi of a third Mac you need to add this to your IT policy so that they know they shouldn't do this. Explain them why they have to connect separately to your network.

For Spiceworks:

Create an SSH Account in Spiceworks

From the Spiceworks dashboard, go to Settings -> Network Scan and create an SSH account with privileges on your Mac.
Enable Remote Login on the Mac

On the the target machine go to System Preferences -> Sharing and check the Remote Login box.

If they don't want to follow your policy, I would indeed give them a separate and restrictive subnet.

Thanks, as for #1 - I need to create an account on the MAC itself than? admin rights? — Saariko, Mar 06 '12 at 10:11

score 2 · Answer 2 · edited Apr 13 '17 at 12:45

One useful thing to do at this point is to ask yourself the following questions:

What these machines are doing on your network[who put them there, what are they doing with them?]
What services they need to access [internet? network shares? bespoke accounting intranet app?]
What level of service you are required to provide to these machines [Which has a bearing on whether or not you need department admin account access, for example]

Simply asking yourself these questions, if you haven't already, will improve your thinking about the problem, and posting your thoughts on them here will improve the answers you get from us. At the moment your question does read a bit like these things fell through an open window and landed on your desk at random and now you're wondering what to do with them...

I have no clue as to what they run, if they have an Anti Virus installed (I heard all about the: Mac's don't have viruses)

Macs don't come with AV installed by default. I would address this - regardless of the debate about mac viruses (and you will indeed find people who will believe macs are "hacker proof" out there) you don't want these systems holding files that might infect other machines on your network.

some of them (2) even connect to my network using the wifi of the 3rd one, which doesn't even give them our intranet IP.

That's nothing to do with "running macs on a windows network". That's basic configuration of the wireless connection on those machines. You presumably have a wireless infrastructure already? What happens when you connect those clients to the normal wireless connection?

What should the procedure of having Mac's in a windows network?

The answer to this depends on what you're hoping to achieve with them. What we do: Join them to the Windows domain (see this question on our sister site for Apple issues), have people log in using domain accounts, not local ones.

I know I can't have an admin account on them.

I don't see why not, we have local and domain admin accounts on all of ours.

Should I give them a seperate subnet?

Why? What would you hope to achieve by doing this?

Any tool like spiceworks that I can see their configurations? installed apps? running services?

Spiceworks will work, via SSH, as Lucas says.

score 0 · Answer 3 · edited Apr 13 '17 at 12:14

0

If you have Active Directory, there are steps to integrate Macintosh computers with AD.

See: What needs to be done/added on Apple MacBook Air in order to join domain and be managed?

You can have an administrative account on them.

edited Apr 13 '17 at 12:14

Community

1

answered Mar 06 '12 at 11:33

ewwhite

194,921
91
434
799

I want to point - I know how to bind the macs to the domain - I wanted to know how I can monitor them. – Saariko Mar 07 '12 at 08:02
Good that you bound the Macs to the domain. You asked for an Administrator account. Binding to the domain allows you to administer the systems with your AD domain account. That is in your original post. You asked for an account. – ewwhite Mar 07 '12 at 08:33

How to work with Macintosh computers in Windows Network?

3 Answers3