By: Mike Kimball & Mikio Moriyasu - Revised: 2006-06-13 devin


Mac Administrator, from Hi-Resolution Systems, is a system management tool that conducts a variety of administrative, maintenance, management, and security functions. This includes the following:
  • User authentication operations using existing, commonly available authentication servers.
  • Regulate and monitor the network accessibility, usage privileges, and the general activities of users or groups of users.
  • Regulate, monitor, and record the general activity of individual machines or groups of machines.
  • Remotely install, remove, upgrade, and regulate applications, folders, and files on individual machines or groups of machines.
This overview is a presentation Mikio gave at a previous Mac Managers meeting, when we were first evaluating MacAdmin 2 for use in our labs - I have updated the info for the current version we are using as of September 11, 2002. --MK

Functions - Configuration Manager

This is the primary administration application for Mac Administrator, with which system administrators can control Mac Administrator's operation. It can be run on any machine which has network access to the MacAdministrator home folder on the server (giving full remote administration). The Configuration Manager has control of the following general elements (most are accessible from the Windows menu):

Users - These are the individual user identifications and configurations for access to the network. The accounts contain the User's Name, Password, Login clearance mode, and total Print Credits available. The accounts also identify any specific Users Group Profile memberships.

Machines - These are accounts that provide system administrators with basic operational information on each Client machine.

Printers - As every user must login in order to access a machine, system administrators can monitor and control users' printing actions in the following ways:
  • Assign specific printers to each User Group
  • Assign a maximum number of pages per printing action per user
  • Assign a maximum amount of "credit" to be charged per page
Settings - This window is where to access the following elements:

Authenticators - MacAdministrator integrates with existing network infrastructures - user authentication can be done with either usernames and passwords on existing servers, or MacAdministrator's own authentication database. The following Authenticator Plug-ins are available (not all are shown):
  • AFPAuthenticator (AppleTalk File Protocol)
  • KerberosAuthenticator
  • MacAdminAuthenticator
  • NDSAuthenticator (NetWare Directory Services)
  • OverrideAuthenticator: provides access when other authentication servers are not available.

User Group Profiles
- Mac Administrator allows system administrators to group users who share similar software needs or requirements. Group Profiles manage the following user functions:
  • Login-Startup-Logout configuration.
  • Settings for Password configuration, Protection profile
  • Printer assignments and configurations

Machine Group Profiles - Like the Users Group Profiles, this feature allows system administrators to group and manage Client machines that share similar software configurations. Group Profiles include the following:
  • Settings: Name assignment, Agent control, Distribution sets.
    Distribution Sets are collections of applications, folders, or files distributed to a given Machine Group Profile (not influenced by the logged in user). Agent Control Files determine what, when, and on what machines Agents run.
  • Mode: Login/No Login, Guest access, allow set password, access if authentication fails, timetable assignment; printing options, log options.

Agent Control - MacAdministrator Agents are software components that perform Client maintenance and data recording tasks. Agents can run on Startup or Shutdown, User Login or Logout, or at pre-specified times. These are assigned in the Agent Control File, a list of all available agents and when they are scheduled to run. The control file will automatically limit when some agents can be scheduled either because their operation at certain times is not necessary or will disrupt the operation of other agents. You can also use your own Agents, such as AppleScript applications, which perform your own functions (some of ours are visible below).

The Agents that ship with Mac Administrator 2.0 are:
  • Unmount And Eject - Unmounts any file server volumes, and ejects any ejectable disks.
  • Mac Administrator Maintainer - Ensures that the MacAdmin Client machine's local information is up to date.
  • Common Restore - Will download from the Server anything stored in the "Common Files" folder, and anything stored in the "Distribution Sets" folder which matches the machine's Distribution Set configuration.
  • Folder Sweep - Will delete old files from the specified folders and/or empty the Trash.
  • Mac Administrator Agent Scheduler - Launches any other Agents scheduled to run at a specific time.
  • Mac Administrator Hardware Audit - Performs a hardware audit of the Client machine.
  • Mac Administrator Software Audit - Performs a software audit of the Client machine.
  • Mac Administrator Usage Monitor - Monitors and records which applications are being used, for how long, and by which user.
  • Mac Administrator Listener - Receives the remote commands sent from the Configuration Manager.
  • Restore Common Prefs - Distributes preferences common to all Client machines.
  • Restore Documents - Restores users' work.
  • Restore User Prefs - Restores users' preference files.
  • Save Documents - Saves users' work.
  • Save Machine Data - Uploads to the Server any audit files stored on the Client machine.
  • Save User Prefs - Saves users' preference files.
  • User Group Restore - Distributes files based on User Group.
  • Automount - Mounts the remote volumes as specified in the AutoMount preferences.
  • Close Finder Windows - Closes any Finder windows which are currently open.
  • Configure Protection - Configures the Protection Software.
Protection - MacAdministrator Protection is designed to maintain all or part of a Client machine in a fixed state. Depending on how extensively the system administrator wished to "lock down" the machines, this control can encompass the Hard Drive file structure, the Desktop, and even the Trash can. Protections are assigned to machines or groups of machines using Protection Configuration Files.

OS components and features that can be managed:
  • Chooser Devices
  • Compact Discs
  • Control Panels
OS operations that can be managed:
  • Copying and Installing to and from the Hard Disk.
  • File Locking (see below) - important feature that is kind of hidden. Click the System Control button, then File Locking... You want to allow anything to lock/unlock files, otherwise you will have problems with Word template files, etc, which will cause the app to crash...

  • Folder naming, relocation, creation, addition, deletion, and locking on the Startup Disk as well as any other specified volume on the machine.
  • Menu Control - enable/disable certain menus.
  • Netscape download prevention.
  • Software launch controls
  • Startup and System controls - Shift Key disable, Hard Disk write protection, Screenshot disable, and AppleTalk Off disable

Pros and Cons

  • Gives system administrators a wide range of remote centralized management and protection control over the machines on the network.
  • Provides system administrators with powerful tools to manage and maintain applications, folders, and files.
  • MacAdministrator is flexible enough to allow for specific individual or group needs.
  • Gives system administrators the ability to monitor and manage a variety of users' activities.
  • Extensive documentation and reliable and knowledgeable support people.
  • Installation and removal is very simple.
  • Graphical User Interfaces for all configurable settings and functions.
  • Drag and drop addition of Apps, Folders, and Files (sort of).
  • The various "copy" Agents will copy down items to the Client machines according to the folder structure. For example, Prefs located in a System Folder - Preferences folder in the "Common Prefs" Folder on the server will be copied down to the Preferences folder on the Hard Disk.
  • Users can take their settings with them from machine to machine.
  • Can be used with RevRdist.
  • The complexity of functions means a substantial amount of configuration time.
  • Familiarization and testing period is highly recommended prior to widespread implementation.
  • Depending on the degree of system protection and complexity of the User Group Profile, the actual login time can be as long as a standard cold startup (this is fixed by ignoring the MacAdmin Folder in your RevRdist code - it will only take a long time the first time a protection profile is used).
  • Features available for such applications as RevRdist or netOctopus may not be available with MacAdministrator because of its extensive management functions.
  • Application, Folder, and File distribution methods not as flexible or as configurable as some may want (i.e. expert RevRdist users).
  • Agents are machine-specific, so you cannot assign different agents based on the user that logs in (i.e. running RevRdist when the revrdist user logs in requires some extra AppleScript magic combined with a MacAdmin scripting addition).

More Information

Visit the Hi-Resolution MacAdmin home page at: http://www.hi-resolution.com.