UMN Active Directory.

Non-Windows Management

After a thorough RFP process, OIT has selected Quest Authentication Services (QAS) to extend Active Directory functionality to non-Windows computing environments. QAS's features include:

  • Single sign-on access to AD-attached resources with existing University identities.
  • Cached logons for off-campus access.
  • Group policy settings managed via existing management tools.
  • Unit-managed workstation logon restrictions.
  • Profile migration tools for existing local accounts.
  • Support for a variety of operating systems.
This service may be used by any unit leveraging OIT's Active Directory service.

Licensing

OIT has purchased an initial number of licenses based on expected growth and will purchase additional licensing as appropriate. To participate, please follow the instructions on the sign-up form.

Implemented Operating Systems

  • Mac OS X 10.5 - 10.7

Other operating systems will be added as interest is expressed. A complete list is available from Quest Software. Contact umnad@umn.edu if your unit is interested in partnering to add support for another operating system.

Guidance and Best Practices

The Computer Management Group and OIT have partnered to develop guidance and best practices for migration and management of non-Windows operating systems. Published guides can be found on the Computer Management Group Google Site.

University Policy Compliance

OIT Active Directory strives to meet all of the University's Basic and Enhanced Security Policies. Where appropriate, these settings are configured as required or default; a small subset must be addressed at the unit or individual level and is left unconfigured.

| Basic Security Policy - Mac OS X | Reference |
| --- | --- |
| Passwords or passphrases must be used | Required |
| Passwords must be at least 8 characters | Required |
| Passwords must be changed periodically | Required |
| Passwords must contain 3 character types (lower case, upper case, numbers, special characters) | Required |
| User passwords must not be shared | Individual User Responsibility |
| A password is required upon resuming from inactive state | Required |
| Screen saver must activate within 30 minutes | Unit Responsibility |
| Desktop/laptop computers must be logged off during non-work hours | Unavailable |
| Administrative level account provided when required | Unit Responsibility |
| Separate standard user level account used for daily tasks | Unit Responsibility |
| A software firewall must be enabled | Unavailable |
| Anti-virus protection must be present | Unit Responsibility |
| Automatic Updates must be enabled | Unavailable |

| Enhanced Security Policy - Mac OS X | Reference |
| --- | --- |
| Disabled account auto-login | Default |
| Display account login with name and password | Default |
| Turn off IPv6 transition mechanisms | Unavailable |
| Turn on FileVault protection | Unavailable |
| Master FileVault password is set | Unavailable |
| Require password to wake computer | Required |
| Disable automatic login | Default |
| Require password to unlock secure system preferences | Unavailable |

 

External Elements

Forms
Sign-up

Documentation/Guides

UMN: Computer Management Group
Vendor: Quest Software

Management Console Extensions
Distributed via SCCM

Agent Software and Documentation
Mac OS X
Linux
Solaris
AIX
HPUX

©2010 Regents of the University of Minnesota. All rights reserved.
The University of Minnesota is an equal opportunity educator and employer.