Posts by Brian Lau

Brian Lau is the Senior Technical Support Engineer for the Centrify User Suite. Prior to joining Centrify, Brian left his hometown in the UK shortly after graduating university to travel the world, teaching English to students ranging from pre-school toddlers to retiring CEOs.

Centrify Perspective

How to enable FileVault 2 using Centrify Group Policies

By , April 28, 2014

The ability to tap into OS X’s FileVault 2 feature was introduced back in Centrify Suite 2013.2 (Agent version 5.1.1). It’s a very cool function and allows AD users to have Apple’s in-built disk encryption system activate automatically after they have logged into their AD account on the Mac at least once. However, since FileVault itself does have several pre-requisites and conditions to be met – it can be a tad tricky to ensure that the Mac meets all the requirements before the Centrify agent can get in there and start pulling the levers and and twisting the knobs to get the…

It's All About Identity

How to Create a Hidden Local Admin Account on Mac Systems (Redux)

By , January 2, 2014

Lance showed us a top tip for creating an invisible Local Administrator account by placing a period character (.) in front of the username. Doing this was handy for preventing the admin user from showing up in the Users & Groups System Preferences, but it was discovered that this would also cause the account to be skipped over when doing an OS upgrade (e.g., updating from 10.8 Mountain Lion to 10.9 Mavericks). As a result – after the update; the user no longer exists under the new OS and thus needs to be recreated. It’s likely that this is because…

Centrify Perspective

New Demo Videos for Centrify User Suite, Mac Edition (“Centrify for Mac”)

By , December 3, 2013

We recorded a couple of new quick-start demonstrations showing the new Centrify for Mac GUI in action. The first video shows all the steps from downloading the Suite to installation to joining the domain to your first login with an AD account. The second video gives a quick demonstration of how group policies (available to Licensed users) can be used to configure banner text, give Local Admin rights to certain AD groups and set up network shares to be automatically mounted at login.

Centrify Perspective

Centrify DirectControl for OS X 10.9 Mavericks

By , October 22, 2013

With the announcement of the release of OS X 10.9 Mavericks by Apple today, an updated version of the Centrify Mac agent is also available for those will undoubtedly want to have Apple’s latest and greatest immediately. This DirectControl for Mac OS X 10.9 release is a required update for anyone wanting to run Mavericks on a Centrify-managed system. In addition to bringing support for OS X 10.9, additional key updates for this release include: Bugfixes for issues affecting offline logins Support for remote silent installation via Apple Remote Desktop and other deployment solutions. GUI enhancements for more informative descriptions…

Centrify Perspective

Introducing the New Mac Diagnostic Tool

By , October 21, 2013

The old Centrify widget and Diagnostic Tool were handy ways to bring up information about Centrify configuration and users on a machine without having to bring up the Terminal each time. However as time went on, the widget became depreciated and the old Diag Tool was beginning to show its age; a change was needed.

Centrify Perspective

Identifying the Different Types of Login Issues on Mac Systems

By , August 22, 2013

So now that we know about the different types of accounts in OS X, it’s time to learn about what to do if those accounts ever decide to play hide-and-seek. There may come a time, either during the initial setup, or after some mysterious environment change that an account may fail to let the user in. After all, AD environments are like ice cream – they come in all kinds of flavors… some even have sprinkles on top.

It's All About Identity

Understanding Account Migration on Centrify for Mac OS X

By , July 26, 2013

Account Migration, or Account Mapping can be a tricky concept to understand at first, but once you get your head around the idea of home directory locations and the importance of user UIDs – the next step to comprehension is only a short hop away. First, let’s understand the original purpose of Account Migration: Imagine a user that has been logging into their Mac with a regular local account, all their documents, settings and other stuff is stored locally on the machine in their local home folder. The Mac is joined onto a domain and the user can also use…

Centrify Perspective

The Different Types of Accounts on Mac OS X

By , July 4, 2013

Go into the System Preferences > Users & Groups on a Mac, look on the user list on the left side and you will invariably see at least one example of the three main types of accounts on Mac OS X: So what do all those little subheadings mean? You may recall that Mac OS X accounts are essentially made up of two components; their profile index (the user record) and their home folders (the actual workspace). To stretch this concept further (and hopefully make it easier to explain…), imagine a Mac system as an office building, and each of the accounts…

Centrify Perspective

A Bit More on Knowing When Account Migration is Needed, and When it is NOT Needed

By , June 24, 2013

After my last article about Account Migration here, I realised that I missed out a quick and easy way to tell if a user needs to have their account migrated or not…

Centrify Perspective

Announcing DirectControl Express for Smart Card

By , September 25, 2012

We saw a need in the Federal Mac marketplace for end users to access their smartcards while working on personal Macintosh computers. This capability doesn’t exist in the standard Mac OS. If you try to use a smartcard today with OS X, it can’t read the card. This puts the Mac at a disadvantage compared to the Windows platform. Federal workers require their smart cards to access workplace websites and to encrypt/decrypt electronic mail. Without this solution, they are unable to work effectively from their Mac.Centrify Express for Smart Card is simple to install and easy to use. It does…