Mac/Windows integration is our next tech topic. For many Windows admins, it can be a struggle to give Mac OS users in their organization the same experience that PC users enjoy. However, both Mac OS and Windows have come a long way in recent years toward providing admins with the tools they need to integrate Macs into Windows environments.
In this article, we’ll look at a few tricks that Windows admins can use to make life a bit easier for their Mac users.
1. Enable AD Domain Authentication for Macs
If you’re using a Microsoft Active Directory domain, joining your Macs to the domain is a simple process. It will allow your users to enter the same credentials on Macs and Windows, and provide them with single sign-on (SSO) for various network resources.
To join (or “bind”, in Mac-speak) a Mac to an AD DS domain, follow these steps:
Open System Preferences > Users & Groups. Click “Login Options”. Click the “Join…” button next to “Network Account Server”.
Click “Open Directory Utility”. Select “Active Directory” and click the Edit pencil icon.
Next to “Active Directory Domain:” enter the FQDN of your AD DS domain. Then enter the computer name that you would like the Mac to use.
Also, there are some options that you can set to make management easier.
“Create mobile account at login” allows each user who logs in to create a cached account that can be used without access to the AD domain controllers. As the name implies, this is a good option to set for MacBooks. If you don’t want every account to automatically become a mobile account at login, check “require confirmation…” underneath that option.
You also have the option to automatically mount the user’s home path from Active Directory when they log in to the Mac. If you use home paths in your environment, feel free to leave this option checked.
On the Administrative tab, you have the option to set AD groups whose members automatically become local admins on the Mac. If you use a group other than domain admins for workstation admins (which you should!), enter it here.
Finally, click the “Bind…” button. You’ll be prompted to enter the credentials for an account that has rights to join computers to the domain. If all goes well, you’ll receive a confirmation. Reboot the Mac, and then log in with a network account to verify.
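The same bind can be scripted with dsconfigad, the command-line counterpart to Directory Utility. The script below is an added example, not part of the original article; the script name, domain, computer name, join account and group are placeholders, and the DRY_RUN switch and the Domain Admins guard are additions of this example.

```shell
#!/bin/bash
# Added example: scripted AD bind with dsconfigad. Run as root on the Mac.
# Usage: sudo ./bind-mac.sh DOMAIN_FQDN COMPUTER_NAME JOIN_ACCOUNT ADMIN_GROUP
# (script name and all four values are placeholders, not from the article)

# run: execute a command, or only print it when DRY_RUN=1 so it can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bind_mac() {
    domain=$1; computer=$2; join_user=$3; admin_group=$4

    # Guard added by this example: do not make Domain Admins local admins.
    lc_group=$(printf '%s' "$admin_group" | tr '[:upper:]' '[:lower:]')
    case "$lc_group" in
        *"domain admins"*)
            echo "refusing: use a dedicated workstation-admin group" >&2
            return 1 ;;
    esac

    # Bind. -password is omitted on purpose: dsconfigad then prompts for it,
    # keeping the secret out of the process list and shell history.
    run dsconfigad -add "$domain" -computer "$computer" \
        -username "$join_user" || return 1

    # Mobile accounts with confirmation, AD home path, local admin group.
    run dsconfigad -mobile enable -mobileconfirm enable \
        -useuncpath enable -groups "$admin_group" || return 1

    # Show the resulting configuration so the settings can be verified.
    run dsconfigad -show
}

# Only act when called with the four expected arguments.
if [ "$#" -eq 4 ]; then
    bind_mac "$@"
fi
```

Run it first with DRY_RUN=1 to review the exact dsconfigad invocations before binding.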
2. Disable .DS_Store Files on Network Shares
Once your users are able to log in to their Macs with their domain credentials, they will begin to connect to Windows file shares. And, like cookie crumbs, they will leave a trail of .DS_Store files behind them.
.DS_Store files are used by Finder on Macs to store (non-essential) information about folders, such as icon order and position, window position, and some search metadata. On Unix-like OSes, the leading period makes them hidden files by default, but Windows users will see them in every folder that has been viewed by a Mac user.
However, it just takes a simple command to prevent these files from being created by Macs on network shares.
Open Terminal.app (/Applications/Utilities/Terminal)
This command will need to be repeated for each user of the Mac. After rebooting, .DS_Store files will no longer be created on network shares for that user.
3. Understanding Exchange Integration
Exchange integration, on both Mac OS and iOS, has come a long way. Since Mac OS 10.6, the Mac Mail application can talk directly to Exchange servers and provide access to mail, calendars, to-do lists, and notes.
However, in order for Mac clients to be able to talk to your Exchange servers, you’ll need to make sure that Exchange Web Services (EWS) is enabled on your Client Access servers. This is separate from Exchange ActiveSync (EAS), which provides mail to phones and tablets.