About Enterprise Connect

rjlemmon
New Contributor II

Hi all,

This is Rick Lemmon from Apple Professional Services. I'm happy to answer any questions you have around Enterprise Connect. For those of you who are unfamiliar with the tool, it provides a good level of Active Directory integration for Macs that are not domain bound. It also enhances AD integration for Macs that are domain bound and have a user logging in with an AD account.

Enterprise Connect is simply an application. Once it has been set up, it resides in your menu bar. Specifically, Enterprise Connect provides:

Kerberos SSO support: Enterprise Connect includes a built in Kerberos client and ensures that your users have a Kerberos TGT.
Account management: Enterprise Connect notifies your users, via Notification Center, when their AD password is about to expire. They can change their AD password right within Enterprise Connect.
Network shares: Enterprise Connect can mount network shares, including your AD network home and any other SMB or AFP shares you'd like to mount.

It works great if you are bound to an AD domain, but again, there is no requirement to bind to the domain to use it. It works great from a local account on an unbound system.

Enterprise Connect is driven by network state changes. When a state change occurs, Enterprise Connect checks to see if your corporate network is available, and if it is, it will acquire a Kerberos TGT, check password expiration and re-mount your shares if they have disconnected. It is also triggered by wakes from sleep and in a couple of other situations.

There's also a lot of other useful features (configuration profile support, can run scripts, etc) but for the sake of brevity I'll leave those things for later.

You may be asking "How do we get it?" or "Can I see a demo?". Please contact your Apple account team for more information on these subjects. Also, Enterprise Connect is only available to USA based customers.

I'll be following this thread, so please respond with any questions.

243 REPLIES 243

dpodgors
Contributor

We get an email from APS-ETS aps-ets@apple.com that Enterprise Connect has been update. You might want to contact them.

SeetendraPanda
New Contributor III

We are getting an error while we are trying to get AEC installed on 1 particular machine. It simply says that apple enterprise connect is not installed properly please get in touch with your System Administrator for assistance.
Is this something anyone of us has seen?
We have already removed the application couple of times and installed it back but still no luck once we have completed a restart on the mac it stops working.

KyleEricson
Valued Contributor II

@SeetendraPanda I used this script to uninstall AEC completely then re-install

#!/bin/bash
#variable for storing the current users name

currentuser=`stat -f "%Su" /dev/console`
echo $currentuser

su "$currentuser" -c "security delete-generic-password -l 'Enterprise Connect'"


file="/Library/LaunchAgents/com.apple.ecAgent.plist"
if [ -f "$file" ]
then
    launchctl unload /Library/LaunchAgents/com.apple.ecAgent.plist
    sudo rm -rf /Library/LaunchAgents/com.apple.ecAgent.plist
else
    echo "$file not found."
fi


sudo killall 'Enterprise Connect Menu'

sudo rm -rf /Applications/Enterprise Connect.app 


sudo jamf recon

#Call policy to reinstall
/usr/local/bin/jamf policy -event ec-install

exit 0
Read My Blog: https://www.ericsontech.com

jtrant
Valued Contributor

Has anyone had any success migrating their password change script to the Kerberos SSO extension? The script we're using calls /usr/bin/security find-generic-password -l "Enterprise Connect" to grep the current credentials from Enterprise Connect, and obviously these entries no longer exist.

The 802.1X script greatly improves the password change experience by clearing cached credentials, so I'd really like to figure out an alternative as we gradually move away from Enterprise Connect.

Thanks!