Enable this group policy to specify one or more zone groups to map to the admin group on the local machine. Members of the zone groups you specify here have administrative privileges on the local machine, including:
1) The use of sudo command in a shell
2) The ability to unlock and make changes to System Preferences
Note: to map zone groups to local admin group, you can use either this policy or "Map zone groups to local group" policy, but please don't use both at the same time as it may lead to unexpected result.
Be certain to create a zone group in Centrify DirectManage Access Manager and add users who you want to have administrative privileges on Mac OS X machines managed by Centrify Agent.
To set this policy:
1) Open the policy and select Enabled.
2) Click Add.
3) Enter the name of a zone group in the box, then click OK.
If the Mac is joined with Auto Zone then you can map Active Directory groups instead of zone groups to the local admin group.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Mac\Accounts\ZoneGroupMap |
Value Name | ZoneGroup{number} |
Value Type | REG_SZ |
Default Value |