What is Reddit's opinion of
munki?
From 3.5 billion Reddit comments
11 reviews of this app found across Reddit:
Do basic endpoint security on the Mac, give them your standard image as a Windows VM for domain services, do drag and drop or a share between the host and VM, and inform them of which services need to be run only from the VM.
And if you decide you want to automate deployment on the Mac side, you can set up deploystudio & munki in an afternoon.
This person sounds like they use technical tools for their job, so they should be able to pick up on whatever you design for them to use. If you're still concerned, get them to sign an SLA saying their hardware is not supported and you're not responsible for servicing their equipment outside of making sure it's okay to be on the network. I don't think it'll be as big a deal as you're expecting.
I was trying it out for App updates but your best option is "Munki" https://www.munki.org/munki
I've been using it since early summer and it keeps all software up to date for me. When new updates come out I approve which updates are to get pushed out and then our labs or one off computers get all the latest software. Wrks great for keeping Adobe Flash, Java etc. type updates current. Also works great with Apple Store Apps.
MDM is indeed Mobile Device Management, and when Apple say 'MDM', they essentially mean 'any Apple product' regardless of mobility - it's not just iDevices.
Munki is a FOSS package management system (actually written and released by Disney, of all people) that can neatly hook into the OS updates. Setting it up is pretty simple and Disney used it at a large scale.
Do you have a Mac Mini setup with macOS Server? If not, take the plunge and get it ($19.99). You'll most definitley want to use the caching server function for software updates anyway, so it's worth the 20 bucks for that alone. It also has Profile Manager...a poor mans "MDM", which will allow you to push configuration profiles (I would push all of these via profiles). I've heard that Profile Manager kind of crumbles when you get around 80+ clients, so I'm thinking you should be okay.
For dock profiles I use this tool:
http://errorfreeit.com.au/blog/2015/4/28/dock-master
Also this:
https://github.com/kcrawford/dockutil
And of course the obligitory:
https://www.munki.org/munki/ - For applications use profile manager for everything else. You can also use ansible, pupet or chef on os x too, not that I've ever tried any of them. ( our one sysadmin that managed a bunch of macs used puppet, munki,and profile manager to get things the way he wanted)
I highly recommend the Macadmins Slack. It’s a super helpful resource for this kind of thing. ARD isn’t the best tool for a task like this, but if it’s all you have, you’d probably want to setup a Mac as an ARD Task Server. But that’s got limitations.
I suggest looking into a tool like Munki. Or if there’s also a need for deployment and management as well, MDS from two-canoes is amazing.
https://www.munki.org/munki/ https://twocanoes.com/products/mac/mac-deploy-stick/
So since you said you're working for a non-profit, I'm going to guess that budgets are tight. The Mac Admin guys over at Disney/PIXAR started their own "MDM solution" that's fairly popular and is open source that may be an option:
Centrify can do this, they have a product called Centrify for Mac. Don't buy from them though, they're an awful company.
JAMF have something called Casper Suite, which can manage Macs in its sleep (and so much more) but I don't think it connects to AD. rather it uses its own management server.
Manage Engine has something called Desktop Central (they also have Desktop Central MSP, which is relevant for you) which can manage Macs - disclosure my company is a Manage Engine partner (though I myself don't work with Desktop Central).
If all they want is a "simple" way to install software on the macs, they could look at Munki.
There's some GREAT resources available at the MacSysAdmin pages too: http://documentation.macsysadmin.se/Documentation2018/Documentation.php
Just click on the years and you'll see a bunch of articles, freely available. I'd also recommend attending the conference if your company will pay for the flights, it's a wonderful conference and I come away every year learning a bunch of actual/practical/usable stuff.
To tag on to the JAMF recommendation, if you want something to run at home (assuming you have some apple gear) in a lab environment, go with munki.
Tons of documentation out there, and the fundamentals of Desktop MDM in the Apple ecosystem are universal.
I mean the pain points surrounding administering OS X desktops is essentially why Disney developed Munki. It's probably less of a problem now than it used to be pre-2014.
You can join macs to a Windows domain and attach their regular windows shared folders too. The OS X server will allow you to do some basic management but if you want to automate software installs you can use https://www.munki.org/munki/. You can also use ansible, puppet, or chef to push out client configurations if that's your thing. I know there were some group policy addons for OS X on the windows server side but I never saw anybody try to implement them so I have no idea how well they work. (Also, SCCM can supposedly manage Macs, but I also have no firsthand experience with managing Macs through SCCM)