Mac settings vs Windows GPO comparison sheet

catfeetstop
Contributor II

Hey all,

I need some suggestions. My managers have asked me to compose a list of the settings we set on the Macs compared to the Windows GPO we have set. I'm struggling to figure out the best way to write this up. I can't really find a way in the JSS to export of list of all the settings in an easy to read format. I know I can create some sort of list in the JSS Summary but that doesn't really give me the detail they want. I need a list of all the settings that are being set in each configuration profile and any policies with settings applied.

Has anyone else had to do something like this? Any ideas?

Jamie

2 ACCEPTED SOLUTIONS

mm2270
Legendary Contributor II

System Information.app lists out MCX (called "Managed Client") settings in a nice Name and Value column format. It also lists Config profiles. The MCX settings are easier to read through that method, but either may work, and MCX may not be an option for you if you aren't using those.

You can export the Managed Client section or Profiles section out to a text file from Terminal that you can read through later. For example:

system_profiler SPManagedClientDataType > ~/Desktop/MCX.txt

Or export to an xml file

system_profiler -xml SPManagedClientDataType > ~/Desktop/MCX.xml

Same would work for exporting Profiles.

View solution in original post

Look
Valued Contributor III

In our environment at least I can't see MCX providing nearly enough information to match what is in AD GPO.
It would be a combination of the following for us.

Policies
Managed Preferences
Configuration Profiles
First run scripts on the images
Last run scripts from Deploy Studio

...and probably a bunch of other stuff I have missed.
Then of course there is the fact that probably 3/4 of the Windows GPO's are either irrelevant or don't have an equivalent process on OSX platform, this would be the first port of call for me, to eliminate the ones that simply aren't relevant to the OSX platform.
I don't envy you my friend.

View solution in original post

4 REPLIES 4

Not applicable

What if you instead used example machines, say from each relevant group, and then from their inventory records went to the management tab and copied out everything from 'Policies with this computer in the Scope?'

mm2270
Legendary Contributor II

System Information.app lists out MCX (called "Managed Client") settings in a nice Name and Value column format. It also lists Config profiles. The MCX settings are easier to read through that method, but either may work, and MCX may not be an option for you if you aren't using those.

You can export the Managed Client section or Profiles section out to a text file from Terminal that you can read through later. For example:

system_profiler SPManagedClientDataType > ~/Desktop/MCX.txt

Or export to an xml file

system_profiler -xml SPManagedClientDataType > ~/Desktop/MCX.xml

Same would work for exporting Profiles.

Look
Valued Contributor III

In our environment at least I can't see MCX providing nearly enough information to match what is in AD GPO.
It would be a combination of the following for us.

Policies
Managed Preferences
Configuration Profiles
First run scripts on the images
Last run scripts from Deploy Studio

...and probably a bunch of other stuff I have missed.
Then of course there is the fact that probably 3/4 of the Windows GPO's are either irrelevant or don't have an equivalent process on OSX platform, this would be the first port of call for me, to eliminate the ones that simply aren't relevant to the OSX platform.
I don't envy you my friend.

catfeetstop
Contributor II

Thanks everyone! I totally forgot about System Information.app for some reason. That's the key. Thanks so much!