Enable this group policy to specify one or more zone groups to map to a Mac local group on the local machine. Members of the zone groups you specify here have the privileges of the Mac local group on the local machine, For example:
1) Able to manage printer setting if map to _lpadmin local group
2) Grant admin priviledge to AD group if map to admin local group
Note: to map zone groups to local admin group, you can use either this policy or "Map zone groups to local admin group" policy, but please don't use both at the same time as it may lead to unexpected result.
Be certain to create a zone group in Centrify DirectManage Access Manager and add users who you want to have the group privileges on Mac OS X machines managed by Centrify Agent.
To set this policy:
1) Open the policy and select Enabled.
2) Click Add.
3) Enter the name of a zone group in the box, then click OK.
If the Mac is joined with Auto Zone then you can map Active Directory groups instead of zone groups to the local group.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Mac\Accounts\MapGroup |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |