Background: School with an old Mac OSX Server 10.5. Also has a lab with 29 iMacs. We have had printing and other issues form all of the Windows workstations and laptops since day one, and Apple has never been of any help. Recently, purchased a Windows 2008 R2 server. Created a domain, attached all devices and things have been okay, for the most part...
The only issue I am running into now is having the iMacs have Workgroup Manager Preferences applied when logging in with the Windows AD users. They are able to sign in, but things like blocking of all System Preferences (these are students) and auto mounting of volumes do not occur. This is what I have done:
Created the Windows domain at 2003 functional level.
Bound the OSX Server to the domain. Verified present in AD, and able to login as AD Admins.
Created an OD Master with a diradmin.
In Directory Utility, added to AD and OD for authentication and contacts, in that order.
In Workgroup Manager, created a group for ManagedStudents in OD, and added all AD users who are students to that group. Added some login items and blocking of System Preferences to group.
At iMacs, bound all of them to AD, and then added both AD and LDAP (OD) to authentication and contacts, in that order. Also added an SMB item, recognizing the WINS server feature on the 2008R2 server, just in case
At login on iMacs, verified Network Accounts Available and login as an AD user. Login occurs just fine.
After login, no login items are present, and System Preferences are still available.
So, what am I doing wrong? I know this is not very detailed, and I can provide more if needed. Any help is greatly appreciated.
[link] [4 comments]