Map zone groups to local group

Enable this group policy to specify one or more zone groups to map to a Mac local group on the local machine. Members of the zone groups you specify here have the privileges of the Mac local group on the local machine, For example:
1) Able to manage printer setting if map to _lpadmin local group
2) Grant admin priviledge to AD group if map to admin local group

Note: to map zone groups to local admin group, you can use either this policy or "Map zone groups to local admin group" policy, but please don't use both at the same time as it may lead to unexpected result.

Be certain to create a zone group in Centrify DirectManage Access Manager and add users who you want to have the group privileges on Mac OS X machines managed by Centrify Agent.

To set this policy:
1) Open the policy and select Enabled.
2) Click Add.
3) Enter the name of a zone group in the box, then click OK.

If the Mac is joined with Auto Zone then you can map Active Directory groups instead of zone groups to the local group.

Supported on:

Group Mapping

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Accounts\MapGroup
Value Name{number}
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)