managing group policies for non windows computers through microsoft active directory
TRANSCRIPT
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
1/14
89 Fifth Avenue, 7th Floor
New York, NY 10003
www.TheEdison.com
212.367.7400
WhitePaper
ManagingGroupPoliciesforNon
WindowsComputersthrough
MicrosoftActiveDirectory
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
2/14
Printedin
the
United
States
of
America.
Copyright2009EdisonGroup,Inc.NewYork.EdisonGroupoffersnowarrantyeitherexpressedor
impliedontheinformationcontainedhereinandshallbeheldharmlessforerrorsresultingfromitsuse.
Allproductsaretrademarksoftheirrespectiveowners.
FirstPublication: April2009
Producedby: AndrewPodosenin,SeniorAnalyst;BarryCohen,EditorinChief
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
3/14
TableofContents
Tableof
Contents......................................................................................................................... 1
ExecutiveSummary ..................................................................................................................... 1Introduction .................................................................................................................................. 2ManagingGroupPolicies........................................................................................................... 3
PredominanceofWindowsPlatform..................................................................................... 3GroupPolicyManagement.................................................................................................. 3SchemaExtension ................................................................................................................. 3EaseofUse ............................................................................................................................. 4UniformityofManagement................................................................................................. 4PolicyManagementFeaturesAvailablethroughActiveDirectory............................... 4ManagementComplexitiesintheUnixEnvironment..................................................... 5
CrossplatformChallenges ...................................................................................................... 6LimitationsofSUDO ............................................................................................................ 6LimitationsofNIS/NIS+....................................................................................................... 6LimitationsofRBAC............................................................................................................. 6Kerberos
Authentication...................................................................................................... 7
LimitationsofFilePermissionsinUnix............................................................................. 7ManagingPoliciesAcrossDifferentFlavorsofUnix/Linux ...........................................7
AdvantagesofManagingUnixPolicieswithLikewise....................................................... 7ComplexitiesofManagingPoliciesinMacOSXEnvironment ..................................... 8
ConclusionandRecommendations........................................................................................ 11
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
4/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page1
ExecutiveSummary
Currently,midsizeandlargeenterpriseshavetomanageidentitiesandpolicies
uniformlyacrossaheterogeneousplatformbase.Thisneedarisesfromincreasingnode
managementcosts,thedesiretoimprovesecurityposture,andindustryregulatory
requirements.
ThemostefficientwaytomanagepoliciesandidentitiesonnonWindowsplatformsin
theseenvironmentsistochooseWindowsasacommongroundforthestorage,
management,andenforcementofsuchpolicies.Windowsischosenasacommon
ground,becauseitisascalableandreliableplatformwithexcellent,intuitive
managementtools.
AdministratorscanuseOpenSourcetoolsorprofessional,scalable,andsupported
solutionslikeLikewiseEnterprisewhenstandardizingidentitymanagementon
Windows.Thepresentpaperdiscussestheadvantagesanddisadvantagesofboth
approaches.
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
5/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page2
Introduction
ThiswhitepaperdiscusseshowLikewiseEnterpriseenablesorganizationstointegrate
andmanagetheirUnix,Linux,andMaccomputersusingMicrosoftActiveDirectory
tools.
ThepaperbrieflydescribestheproliferationofWindowsandthenmovesontodescribe
howActiveDirectoryfeatures,suchasGroupPolicyandextensionstoActiveDirectory
schemas,enablethemanagementofUnixlikesystems.
ThepaperthendiscusseswhyWindows wellknowneaseofuseadvantagesmake
managementofnonWindowssystemsthroughActiveDirectoryanattractive
alternative.
TheremainderofthewhitepaperprovidesamoretechnicaldiscussionofUnix
managementcomplexityandwhyincorporatingaWindowsPolicybasedmanagement
alternativeprovidesorganizationswithauniformuseandmanagementmodelfortheir
computingenvironments.
Finally,thepaperdescribeshowLikewiseEnterpriseworkstobringtogetherActive
DirectoryandUnixmanagementunderWindowsGroupPolicies.
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
6/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page3
ManagingGroupPolicies
Predominanceof
Windows
Platform
MicrosoftWindowsServerandActiveDirectoryhavecometodominatebusiness
computing.ThishasresultedintheneedfornonWindowsdevicesandapplicationsto
interoperatewithandevenbemanagedwithinaMicrosoftWindowsActiveDirectory
environment.Besidesbeingoneof(ifnotthe)mostwidelydeployedscalabledirectory
solutions,ActiveDirectoryisalsothewidestdeployedandmostrobustcommercial
implementationofKerberos.
Overtheyears,Microsofthasbeensuccessfullyabletodeliverascalablecomputing
solution
from
the
server
to
the
client,
particularly
because
of
the
ease
of
use
of
its
graphicaluserinterface.Besidesaddressingtheoperatingsystem,directory,andstorage
markets,MicrosoftsenterpriseclassapplicationssuchasExchangeandSQLServer
dependupondirectorybasedauthentication.Inaddition,manythirdpartyapplications
suchasPeopleSoftandSAPincorporateADauthentication.Giventheroadmapoffered
byMicrosoft,thisinterconnectionofthedirectorysideandtheapplicationsidewillonly
increase.
ThefollowingsectionsdescribetheadvantagesofMicrosoftWindowsmarketplace
successfromaheterogeneousenvironmentperspective.
GroupPolicyManagementUnliketheotherdirectoryvendors,Microsofthasdeliveredprofileanddesktop
managementonalargescale.UnlikevendorssuchasNovellorSunMicrosystemswho
onlyhavepartialsolutions,Microsoftisabletoautomaticallypushpoliciesthroughthe
domainfromtheservertotheclient.Theenhancedgrouppolicyimplementationin
WindowsVistaandWindowsServer2008hasallowedadministratorstocentrally
manageagreaternumberoffeaturesandcomponentbehaviorsthanwerepossiblein
thepreviousversions.WiththecontinuingconsolidationofITvendors,theenterprise
computinglandscapewillbeundoubtedlybegearedmoreandmoretowardWindows
platforms.
SchemaExtensionOvertheyearsMicrosofthaslesseneditsaggressivestancetowardUnix,startingwith
addingsomeinteroperabilityinMicrosoftServicesforUnix3.0(SFU3.0),andextending
thatinSFU3.5.Mostrecently,inWindows2003ServerR2,Microsofthasincorporated
mostofthefeaturesofSFU3.5,addingtheabilitytoextendADschemawithUnix
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
7/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page4
compliantattributesinaccordancewithRFC23071.Thissimplifiedtheintegrationof
crossplatformidentitymanagementbyeliminatingtheneedtochoosebetweenthe
storingofUnixobjectcredentialsintheexistingclasses(socallednonschemamode)
andthe
non
supported
extension
of
the
AD
schema.
Now
administrators
can
take
advantageofRFC2307byusingUnix andLinuxspecificattributesthatarebuiltinto
theADschema.
EaseofUseItisgenerallyacceptedthatWindows managementtoolsareeasiertousethattheir
UnixandLinuxcounterparts.ThisisoneofthemajorreasonsthatMicrosofthaswon
thedesktopclientandserverenterprisemanagementbattle.Administratorstodayvery
infrequentlymustbeinvolvedwiththeerrorpronemanualeditingofconfigurationfiles
orrelyonwritingscriptsandexecutingthemfromthecommandline.Infact,creating
andpushing
the
enterprise
policy
across
thousands
of
clients
can
be
performed
with
fairlyfewmouseclicksfromoneofthepolicymanagementpluginsfortheMicrosoft
ManagementConsole.
UniformityofManagementThevariousvendorsUnixandLinuxplatformsarenotoriouslydifferentfromone
another:theyhavedifferentmanagementtoolsanddifferentdesktopinterfaces.Looking
atanumberofpopularLinuxdistributionsfromRedHat,SUSE,andUbuntu,it
becomesclearthatLinuxdidnotdelivertheuniformityhopedfor.Sinceitisclearthat
UnixandLinuxmustinevitablyinteroperatewithWindows,thereisaheightenedneed
forstandardizedauthenticationandmanagementtools.Fortunately,Microsoftnowofferssuchcommonground:thecombinationofanActiveDirectoryframeworkand
GroupPolicymanagement.ThisiswhereUnixadministratorscantakealazyapproach,
sinceboththeframeworkandthemanagementtoolshavebeenalreadywritten,scaled,
tested,anddeliveredtotheenterprise.Allittakesistotapintothisofferedtechnology
anduseADforuniformpolicymanagement.
PolicyManagementFeaturesAvailablethroughActiveDirectoryWindowspolicymanagementallowsadministratorstoautomaticallyandintuitively
enforcealargenumberofendnodeparametersacrossthedomaininahierarchical
fashion.Theseparametersincludesecuritysettings,wiredandwirelesssettings,startup
andshutdownscripts,softwarerestrictions,QoS,IPSec,remotesoftwareinstallation
settings,accessrestrictionstolocalhardware,andmanymore.Increasedgrouppolicy
settingsappearinginMicrosoftVistaandtheupcomingWindows7clearlyindicatesthat
thisisthedesktopmanagementapproachthatMicrosofthaschosen.
1RFC2307canbefoundat:http://www.rfcarchive.org/getrfc.php?rfc=2307
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
8/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page5
AllthesepoliciesareeditedandenforcedfromtheMicrosoftGroupPolicyManagement
Console(GPMC),acomprehensiveandintuitivesuiteofpolicymanagementtools
availableas
aMicrosoft
Management
Console
(MMC)
snap
in.
GPMC
allows
administratorstolaunchtheActiveDirectoryUsersandComputers(ADUC)consoleto
applypolicyobjectstothedesiredOU(OrganizationalUnit)levelandlaunchGroup
PolicyObjectEditor(GPOE)tomodifygrouppolicysettingswithingrouppolicy
objects.Overall,theabovedescribedsuiteoftoolsallowsadministratorstoeasilycreate
multiplegrouppoliciesandenforcethematdifferentOUlevels.
ManagementComplexitiesintheUnixEnvironmentInteroperabilitybetweenWindowsandUnixhasalwaysbeenaproblemrepeatedly
addressedwithlimitedsuccessfrombothOSes.Whileportingapplicationsacross
platformsis
often
impractical,
cross
platform
authentication
allows
administrators
to
deliverUnixapplications(particularlyWebbasedapplications)totheWindowsrealm,
providingafasterandmoreconvenientsolution.Bythesametoken,allowingWindows
userstoauthenticateandmanageUnixsystemssimplifiestrackingidentities,making
theoverallUnixuserexperiencemorepleasant.
SomeattemptstohaveWindowsandUnixinteroperatehavemetwithmoderate
success.MicrosoftServicesforUnix(mostfeaturesofSFUhavebeenincorporatedinto
WindowsServer2003R2andWindowsServer2008)offerslimitedinteroperability
betweenADandNIS,plusapasswordsynchronizationutility.Specifically,SFUoffered
a
service
that
would
synchronize
Unix
UIDs/GIDs
and
Windows
user
and
group
identities(SID)bidirectionallyinonetooneandmanytoonemode.Additionally,SFU
offeredbidirectionalWindowstoUnixandUnixtoWindowspassword
synchronizationthatsupportsbothlocalanddomainaccountWindowspassword
synchronization.However,thesefeaturesdidnotsupportverymanyUnixflavorswhile
requiringafairamountofmanualconfigurationworktobeimplemented.
DocumentsforUnixandLinuxplatformsalsoofferlimitedinteroperabilityatthecostof
extensivemanuallaborassociatedwitheditingconfigurationfiles,sometimesoneach
participatinghost.Thisisatediousanderrorproneprocedure.Severalhowto
documentsofthiskindhavebeenmaintainedsincetheyear2000,particularly
addressingauthenticationthroughpluggableauthenticationmodules.Unfortunately,
notalltheUnixandLinuxflavorsaresupportedandtheimplementationrequires
laboriousmanualconfigurationandextensivetesting.Anincorrectconfigurationcan
notonlyresultinfaileduserauthenticationbutalsomaketheUnixhostlesssecure.
TherearesimilardocumentsforSamba,Apache,andSSHauthentication.Additionally,
therecommendationsandimplementationschangefromapplicationtoapplication,
particularlyintheversionsofsupportedtoolsandthelocationandformatofthe
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
9/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page6
configurationfiles.Frequently,therecommendedmodificationsarenotsupportedby
eithertheUnixorLinuxvendorsorMicrosoft,whichmakesitdifficulttoimplement
thesechangesinaproductionenvironment.Therefore,shouldtheparticularplatforms
needto
be
supported,
administrators
need
to
have
extensive
knowledge
of
both
platformsandrelyonoftenuntimelyfreetechnicaladvicefromInternetforums.
Supportingcrossplatformauthenticationinsuchamannerisstressfulandcounter
productive.
CrossplatformChallenges
Thefollowingsectionsdescribethecrossplatformchallengesadministratorsmustface.
LimitationsofSUDOSUDOisusedasanalternativetotheextensiveuseoftherootaccountformanagement
purposes.SUDOallowsnonprivilegedaccountstoexecuteprivilegedcommands.
Whileagreatidea,astypicallyimplementedSUDOhasanumberofdrawbacks.Among
thesearetheneedtomanuallyapplyandmaintainthesudoersfileacrossallthe
managedsystems,testeachconfigurationchange,andmakemodificationstoeachnode
whenanewadministratorjoinsorleavesthecompany.
LimitationsofNIS/NIS+WhileNISisstillwidelyusedfordomainauthentication,thetechnologyhasknown
securitylimitations(aclientcanretrievetheentireNISpassworddatabaseforoffline
inspection),is
not
very
scalable,
and
has
inefficient
replication
processes.
While
NIS+
has
fixedanumberofNISdrawbacks,bybeinghierarchical,requiringserverauthentication,
andallowingpermissionsonoperations,NIS+isdifficulttoadminister,requiresspecial
backupprocedures,andhaslimitedscalability particularlywithmultipledomainsand
over1,000clients.Inthisregard,thescalabilityandrobustnessofActiveDirectoryoffers
afarbetteralternative.
LimitationsofRBACRolebasedaccesscontrol(RBAC)isanotherapproachatrestrictingsystemaccessto
authorizedusers.RBACisbasedonrolesthatarecreatedforvariousjobfunctions.The
operationspermissions
are
assigned
to
roles
rather
than
users.
Rights
management
is
simplifiedbyassigningausertoaparticularrole,simplifyingoperations.However,in
largeheterogeneousenvironmentsmanagementofRBACmembershipsbecomes
extremelycomplexasitlackshierarchicalcreationofrolesandprivilegeassignments.
Additionally,notalltheusershavethesameroleondifferentsystems,whichfurther
complicatestheadministrationprocess.
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
10/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page7
KerberosAuthenticationKerberosconfigurationrequiresrunningadaemon,synchronizingtimebetweenthe
serverandtheclientviaNTP,installationofthepam_krb5module,andmaking
applicablechangestothesampleconfigurationfilesprovidedwiththedistribution.Administrators,therefore,havetorelyonanextensiveknowledgeofbothplatformsand
onthenotalwaystimelythirdpartyhelpfromtheInternetforumstogetKerberos
implementedwithinaUnixorLinuxenvironment.Obviously,handlingdomain
authenticationinsuchamanneristimeconsumingandpronetoerror.
LimitationsofFilePermissionsinUnixInUnixafilehasthreeclassesofpermissions:theowner,thegroup,andeveryone.Each
classhasthreelevelsofaccessrights:read,write,andexecute.Thisoffersfarless
flexibilitythanaWindowsenvironment,wheremultiplelocalanddomainbasedfile
permissionscanbegrantedforusersandgroups.LinuxSecurityModules(LSM),which
areincludedwiththeSELinux2securityframework,offermoregranularfileaccessbut
atthecostofCPUoverhead.
ManagingPoliciesAcrossDifferentFlavorsofUnix/LinuxInheterogeneousenvironments,administratorshavetoenforcestandardpolicysettings
acrossmultipleflavorsofUnix,eachoftenusingdifferentdesktopenvironments
(GNOME,KDE,SunJavaDesktopSystem,etc).Thesedesktopenvironmentsdifferin
theparametersthatcanbemodifiedandintheformatandlocationoftheconfiguration
files.
Thus,
when
pushing
policies,
administrators
have
to
manually
filter
the
enforced
settingsonapertargetplatformbasisrequiringeitherpollingthesystemOSor
maintaininglistscontainingthesystemsandcorrespondingOSes.Thisisanothertime
consuminganderrorproneprocess.
AdvantagesofManagingUnixPolicieswithLikewise
LikewiseEnterpriseiscapableofsolvingalltheaboveproblemsinasimpleand
intuitivefashion.Thetechnologyoffersseamlessintegrationofoverahundreddifferent
Unix/LinuxoperatingsystemswithActiveDirectoryforbothauthenticationandpolicy
managementneeds.LikewiseEnterpriseofferscentralizedmanagementofidentities,
desktopenvironments
(including
2500
plus
Gnome
policy
parameters),
credential
cachingforofflineconnection,OSbasedclientpolicyfiltering,NISandusermigration
tools,aswellasauditingandreportingfunctionality.WithLikewiseEnterprise
technology,administratorscaneasilydeliverKerberosbasedsinglesignonforsuch
applicationsastelnet,FTP,SSH,rlogin,rsh,LDAPqueriesagainstAD,andApache
HTTPserver.
2SELinux,orSecureLinuxisfurtherexplainedat:http://www.nsa.gov/research/selinux/
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
11/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page8
LikewisesimplifiesaccountmanagementbyassigningeachuserauniqueID,whichis
provisionedandcentrallymanagedthroughActiveDirectory.Likewisesuniquecell
technologycan
map
users
to
different
UIDs
and
GIDs
for
different
computers,
eliminatingtheneedformultiplelocaluseraccounts.TheLikewiseextensiontothe
MicrosoftActiveDirectoryUserandComputersMMCsnapinallowsadministratorsto
createanassociatedcellforanOUandthenusethecelltomanageUIDGIDnumbers.
ThisallowsADusertoaccessnonWindowsnodeinselectedLikewisecells:
Theabove
features
let
administrators
integrate
non
Widows
nodes
into
aWindows
AD
authenticationandmanagementframeworkwithadequatepolicymanagement,user
provisioning,andreportingtools.
ComplexitiesofManagingPoliciesinMacOSXEnvironmentOvertheyearstheAppleMacintoshcomputerhasmaintainedasmallbutstableshare
ofthecomputingenvironment.Whilebeingusedprimarilyforaudio,video,and
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
12/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page9
graphicsediting,theMacintoshoffersextremeeaseofusecomparedtoWindows(notto
mentionUnix)coupledwithaplethoraofhighendgraphicsapplicationsdesignedand
compiledfortheMacintoshplatform.Applesmarketingeffortismaintainingand
somewhatexpanding
the
OS
X
market
share,
which
has
now
surpassed
8percent.
Part
ofthissuccesscanbeattributedtotheuseofastableUnixkernelinOSXandmore
standardPCcomponents,suchasIntelmicroprocessors,PCIEslots,andDDRmemory.
ThisintroducedAppletoapoolofhardwarethatismorereliable,lessexpensive,and
comesinwidervarietythanthecomponentsinolderRISCprocessorbased
Macintoshes.
Unfortunately,fromanenterprisecomputingperspective,Appledoesnothaverobust
enterprisemanagementtools.Thereareanumberofreasonsforthis.First,the
Macintoshhasneverbeenawidespreadenterpriseclassplatform,soApplenever
neededtoaddresstheissuesofscalabledirectoryservice,terabytesofstorage,or
centralizedcomputationalfacilities.Thusenterprisemessaginganddatamanagement
applicationssuchasMicrosoftExchange,LotusNotes,SQLServer,andsoforthhave
neverbeenportedtoApplesMacintoshservers.Evennowfewenterpriseclassproducts
areavailablefortheOSXplatform.Secondly,theprimaryuseofMacintoshesisinthe
graphicsdepartments,atechnologicallyandorganizationallysecludedgroupthat
requiressharingamongMacintoshusersonlyandinteroperatingwiththerestoftheIT
infrastructureviasharingprinters,storage,andInternetaccess.Thissituationcertainly
didnotcallforprovisioningandidentitysolutionstothedepthandscalabilityofits
Windowscounterparts.Onthebrightside,sinceAppledidnotexcelinenterprise
managementtools,otherssuchasMicrosoft,Novel,andSunhavecreatedthe
infrastructureallowingMacintoshuserstotapintoareliableframeworkofuseranddesktopprovisioning.
TheMacintoshplatformusesarecentlyaddedWorkgroupManager(WGM)tomanage
users,groups,shares(withaccesspermissions),andclientpreferences.Theapplication
allowsadministratorstomodifyaccounts(includingusers,groups,andcomputerlists),
assignprivileges,managesharepoints,andmodifydesktoppreferencesthatdefinethe
userexperienceforclientsboundtoApplesOpenDirectorydomain.WGMrequiresan
OSXServerasacentralizedrepositoryofuserinformation.Whilebeingabigstepfor
Macintoshmanagement,theproductpalesincomparisonwithwidelyrecognized
enterpriseuser
provisioning
solutions.
LikewiseSolutionforMacDesktopPolicyManagementTheLikewisesolutionformanagingMacintoshdesktopsallowsadministratorstostore
settingsinActiveDirectoryratherthanonaMacintoshOSXServer.Besidesdecreasing
thecostofthesolutionandoffloadingADmaintenancetoWindowadministrators,
Macintoshusersettingsarenowstoredinamorerobustandscalabledirectory.Since
storingthirdpartydatainActiveDirectoryrequireseitherirreversibleschemachanges
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
13/14
ManagingGroupPoliciesforNonWindowsComputersthroughMicrosoftActiveDirectory Page10
(whichmaynotbeagreeablewithWindowsadministrators)orusingnonstandard
fields(whichiscumbersome),initiallynonWindowsvendorswerereluctanttostore
usercredentialsinAD.ThisiswhereLikewisecomestotherescue.Bytakingadvantage
ofRFC
2307,
Likewise
Enterprise
integrates
user
authentication
with
Active
Directory
(inthesamewayasMacintoshActiveDirectoryPlugInallowsMacstoauthenticateto
MacintoshOSXOpenDirectory)offeringamechanismthatallowsWorkgroupManager
settingstobestoredinActiveDirectoryGroupPolicyObjects.LikewiseEnterprise
containsautilitytojoinMacstoActiveDirectory,lettingthemparticipateinADbased
userauthenticationandingrouppolicyprocessing.Fromthatpointon,administrators
canconnecttoActiveDirectoryfromtheWorkgroupManagerinterfaceandstore
settingsintheGPO.FromtheWindowsside,administratorscanuseGPMCtostoreand
manageMacpolicysettings.
Asaresult,LikewiseEnterprisebringstogethertheadvantagesoftheMacintosh
WorkgroupManagerwiththerobustnessanduniformpolicymanagementtoolsof
ActiveDirectoryinaseamlessandintuitivefashion.
-
8/14/2019 Managing Group Policies for Non Windows Computers through Microsoft Active Directory
14/14