Macintosh Configuration Management
Will Jorgensen
1
2
Overview
In the beginning…
3
4
Imaging is our Foundation
Apple Software Restore
Mac OS X Baseline Configuration
Network Registration & MHP Setup
CIS Benchmark http://www.cisecurity.org/bench_osx.html
Apple Security Configuration Guide http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf
MHP Setup
User takes over
Configure FileVault
Install non-core applications
Setup a backup strategy
FileVault
Laptops and offsite computers
Single encryption key
/Library/Keychains/FileVaultMaster.keychain
Tightly controlled decryption key
Installing Applications
PNNL Installer
Users still administrators
Minimum required software
Symantec AntiVirus
PNNL Configuration Tool
Backup Policy
“Make backup copies of software, application, and data files. The frequency of the backup is based on the matter’s value, the frequency and volume of changes, and ease of restoration from loss or corruption. For example, data files that continually change should be backed up more frequently than static files or less dynamic data. For sensitive systems, backup requirements are established in computer security plans. For information on workstation backup services, see Data Backup Options on InfoSource.”
Workstation Backup and Restore
File Share & Tri-Backup
  Flexible
  Browse in Finder
Time Machine
  Efficient
  Flexible
Configuration Management
Apple Remote Desktop
Workgroup Manager
Active Directory
MCM or the PNNL Configuration Tool
Golden Triangle
Active Directory 2003
  User Accounts
  Kerberos
Mac OS X Server
  Preference Management
  Web Services
Apple Remote Desktop
ARD 3
Help Desk Tool
Back door
Macintosh Configuration Management (MCM)
Server Side
  Web server
Client Side
  Shell scripts and applications
  Checks in every 60 minutes
MCM Process Flow
Challenges
Intermittent network connections
Sometimes things just don’t work
Audit and Enforcement
Resource constraints
Enhancements
Manage Firewall Settings
Staff log in with user accounts
Full disk encryption
InstaDMG
Connected Backup