Map zone groups to local admin group

Enable this group policy to specify one or more zone groups to map to the admin group on the local machine. Members of the zone groups you specify here have administrative privileges on the local machine, including:
1) The use of sudo command in a shell
2) The ability to unlock and make changes to System Preferences

Note: to map zone groups to local admin group, you can use either this policy or "Map zone groups to local group" policy, but please don't use both at the same time as it may lead to unexpected result.

Be certain to create a zone group in Centrify DirectManage Access Manager and add users who you want to have administrative privileges on Mac OS X machines managed by Centrify Agent.

To set this policy:
1) Open the policy and select Enabled.
2) Click Add.
3) Enter the name of a zone group in the box, then click OK.

If the Mac is joined with Auto Zone then you can map Active Directory groups instead of zone groups to the local admin group.

Supported on:

Zone groups

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Accounts\ZoneGroupMap
Value NameZoneGroup{number}
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)