Hi
Looking for a new server solution.
I look after an office of 10 or so computers with myself on a mac and the rest windows. Looking to get more control over the desktops. All the users currently just have their own admin login. I want to centralize user management. They are not currently using any file sharing etc but I could add that. It was more about being able to lock down the individual desktops in a more organized fashion. As there are some that I don't know passwords for anymore.
I understand I can create the users on the server and have them auth from it but I have seen an actual windows active directory where the local computer is entirely locked down and the user cannot store files on that but has to use the share from the main server instead. Is this something that the linux solution can do? Or does that have to be done with an actual windows server setup.
Everything else is kind of secondary for me to control. Even computer monitoring would be nice if could view desktops not sure if this offers or not.
Thanks
Looking for a new server solution.
I look after an office of 10 or so computers with myself on a mac and the rest windows. Looking to get more control over the desktops. All the users currently just have their own admin login. I want to centralize user management. They are not currently using any file sharing etc but I could add that. It was more about being able to lock down the individual desktops in a more organized fashion. As there are some that I don't know passwords for anymore.
I understand I can create the users on the server and have them auth from it but I have seen an actual windows active directory where the local computer is entirely locked down and the user cannot store files on that but has to use the share from the main server instead. Is this something that the linux solution can do? Or does that have to be done with an actual windows server setup.
Everything else is kind of secondary for me to control. Even computer monitoring would be nice if could view desktops not sure if this offers or not.
Thanks
Share this post:
Accepted Answer
ClearOS could act as a Domain Controller until M$ threw a spanner into the works very recently with their Win10 1803 update. Until then it could act as a Domain Controller for Windows, Mac and Linux. This is for old-style NT4 domains (as used in SBS2003). This uses the old SMB 1.0 protocol which M$ are trying to retire and since the update it is not possible for a PC running the 1803 version of Win10 to join an NT4 domain. Even since the 1709 update you have had to manually enable SMB 1.0 on Win10. We are waiting to see if this is accidental fallout from the 1803 update or a deliberate thing. Currently the only workaround is to install 1709 or prior or remove the 1803 update, join the domain and then update.
I believe to be able to use Group Policy tools you need a full Active Directory DOmain Controller and the current version of ClearOS does not support that. It does have a Samba Directory (beta) app but it is very much a beta and certain apps are known not to work with it. If you do want to use it, the recommendation is to run Samba Directory on a machine or VM, just for the directory, users and groups then use ClearOS on another machine using the AD connector to connect to the Samba Directory machine. It may even be possible to run the Samba Directory on a VM in ClearOS or use ClearVM to run both Samba Directory and a normal version of ClearOS on the same machine.
Before Christmas, one of the devs, Dave Loper, offered free support for anyone willing to help test Samba Directory and get it production ready. I don't know if the offer still stands bit I'd guess it does.
On your PC's can't you at least set up a separate administrator account so you can always have access? You can then demote the users from admins to users.
I believe to be able to use Group Policy tools you need a full Active Directory DOmain Controller and the current version of ClearOS does not support that. It does have a Samba Directory (beta) app but it is very much a beta and certain apps are known not to work with it. If you do want to use it, the recommendation is to run Samba Directory on a machine or VM, just for the directory, users and groups then use ClearOS on another machine using the AD connector to connect to the Samba Directory machine. It may even be possible to run the Samba Directory on a VM in ClearOS or use ClearVM to run both Samba Directory and a normal version of ClearOS on the same machine.
Before Christmas, one of the devs, Dave Loper, offered free support for anyone willing to help test Samba Directory and get it production ready. I don't know if the offer still stands bit I'd guess it does.
On your PC's can't you at least set up a separate administrator account so you can always have access? You can then demote the users from admins to users.
Responses (2)
-
Accepted Answer
-
Accepted Answer
Thanks, yes i can do the admin and lock down the users, and I will, but was trying to plan the bigger picture also. So with what you explained above its not possible at the moment to have linux auth users over the network so i can have one main controller authenticating? I have to resort to local users or use windows server? But with the local users I can still use file sharing over samba or mail or anything else from clearos obviously right?
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »