Can server 2016/2019 manage domain computers through GPO for Linux(Ubuntu) and MAC

%3CLINGO-SUB%20id%3D%22lingo-sub-2000325%22%20slang%3D%22en-US%22%3ECan%20server%202016%2F2019%20manage%20domain%20computers%20through%20GPO%20for%20Linux(Ubuntu)%20and%20MAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2000325%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20server%20team%2C%3C%2FP%3E%3CP%3EI'm%20new%20here!%20I%20want%20to%20know%20if%20latest%20windows%20servers%20can%20manage%20Ubuntu%20and%20MAC%20systems%20through%20Group%20Policy%20without%20helop%20of%20third%20party%20help!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20help!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2000325%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Egpo%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ELinux%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMac%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2000511%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20server%202016%2F2019%20manage%20domain%20computers%20through%20GPO%20for%20Linux(Ubuntu)%20and%20MAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2000511%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F905940%22%20target%3D%22_blank%22%3E%40bappaditya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20short%20answer%20is%20no.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20long%20answer%3A%20Group%20policies%20are%20settings%20(mostly%20registry%2C%20logon-scripts%2C%20security-policies%2C%20and%20so%20on)%20which%20are%20available%20on%20a%20file-share%20(SYSVOL)%20for%20all%20domain%20clients%20to%20consume.%3C%2FP%3E%3CP%3EA%20Windows%20client%20has%20to%20apply%20this%20policies%20itself%20using%20a%20client%20agent%20(Group%20Policy%20Client%20which%20you%20find%20in%20Windows%20services).%20So%20the%20actual%20GPO-Engine%20is%20inside%20the%20client%2C%20not%20the%20domain-controller.%3C%2FP%3E%3CP%3EThe%20DC%20just%20makes%20sure%20the%20client%20can%20consume%20the%20policies%20and%20it%20also%20manages%20which%20policies%20the%20client%20should%20consume.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETheoretically%20a%20Linux%20or%20Mac%20could%20consume%20the%20contents%20of%20SYSVOL%20if%20it%20is%20domain-joined%20and%20wants%20to%2C%20but%20neither%20operating%20system%20has%20a%20builtin%20functionality%20for%20this.%20Furthermore%20as%20everything%20found%20inside%20the%20SYSVOL%20is%20very%20Windows-specific%2C%20even%20if%20a%20Mac%20would%20try%20to%20consume%20it%2C%20it%20wouldn't%20know%20what%20to%20do%20with%20a%20registry%20setting%20for%20example.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20use%20third%20party%20solutoins%20for%20this.%20There%20are%20solutions%20which%20let%20a%20Linux-Domain-Client%20consume%20shell-scripts%20from%20a%20SYSVOL%20share%20on%20logon%2C%20which%20would%20allow%20you%20to%20implement%20something%20similiar%20to%20group%20policies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20end%2C%20group%20policies%20are%20a%20Windows%20operating%20system%20feature%20and%20the%20other%20platforms%20do%20not%20have%20anything%20comparable%20to%20that%20(shell-scripts%20and%20config-files%20alone%20cannot%20get%20you%20the%20full%20featureset%20of%20GPOs).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20manage%20settings%20on%20Macos%20and%20Linux%2C%20try%20using%20intune%20instead.%20Microsoft%20Intune%20can%20manage%20Linux%20and%20Mac%20Clients.%20You%20can%20combine%20it%20with%20MS%20Defender%20ATP%20and%20get%20configuration%20and%20compliance%20monitoring%20this%20way.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hello server team,

I'm new here! I want to know if latest windows servers can manage Ubuntu and MAC systems through Group Policy without helop of third party help!

 

Please help!

1 Reply

@bappaditya 

The short answer is no.

 

The long answer: Group policies are settings (mostly registry, logon-scripts, security-policies, and so on) which are available on a file-share (SYSVOL) for all domain clients to consume.

A Windows client has to apply this policies itself using a client agent (Group Policy Client which you find in Windows services). So the actual GPO-Engine is inside the client, not the domain-controller.

The DC just makes sure the client can consume the policies and it also manages which policies the client should consume.

 

Theoretically a Linux or Mac could consume the contents of SYSVOL if it is domain-joined and wants to, but neither operating system has a builtin functionality for this. Furthermore as everything found inside the SYSVOL is very Windows-specific, even if a Mac would try to consume it, it wouldn't know what to do with a registry setting for example.

 

You can use third party solutoins for this. There are solutions which let a Linux-Domain-Client consume shell-scripts from a SYSVOL share on logon, which would allow you to implement something similiar to group policies.

 

In the end, group policies are a Windows operating system feature and the other platforms do not have anything comparable to that (shell-scripts and config-files alone cannot get you the full featureset of GPOs).

 

If you want to manage settings on Macos and Linux, try using intune instead. Microsoft Intune can manage Linux and Mac Clients. You can combine it with MS Defender ATP and get configuration and compliance monitoring this way.

www.000webhost.com