We’ve been migrating from SCCM 2007 to SCCM 2012 at work. One very interesting part of SCCM 2012 for us has been the support for Mac OSX that was added in SCCM 2012 SP1. We have about 70 Mac clients, I guess, on top of about 1500 Windows clients, and those 70 clients need a dis-proportionate amount of time to manage, not because of any problems with Mac OSX as such, but rather due to the lack of real tools available to manage a large desktop roll-out.
Please don’t tell me about Apple Remote Desktop or Profile Manager at this point. I know about ARD. I use ARD. It sucks. As does profile manager. They’re both better than nothing, but they are good examples of enterprise software that’s designed and built by people who don’t really understand enterprise requirements.
So far in our testing it’s proven very interesting. There’s something very disconcerting about seeing the SCCM client pop up on a Mac, though I suppose we’ll get used to it in time. The support for Mac OSX in SCCM is basic compared to the support for Windows clients, but this will only improve in time to be fair, and the most important bases are covered; we’ve installed packages and pushed down settings via custom .plist files with SCCM 2012 and it seems to work well enough. There’s a few rough spots if you wanted to be picky but the fact that this works at all is impressive enough.
Microsoft do seem to have missed a trick by not including remote desktop viewing in SCCM 2012 for Mac clients. As the Mac desktop sharing mechanism is essentially VNC then it shouldn’t have been too difficult to add a VNC client or at least allow you to plug your own in. Oh well.
Of more concern is the lack of support for Mountain Lion. Not sure when this will be rectified but it’s a bit of a show-stopper - I think if businesses aren’t already running Mountain Lion on their Macs then they must at least be making plans to move by now.
One final, weird thing I’ll leave you with: Microsoft include a version of System Centre Endpoint Protection for the Mac in this package. Installing Microsoft AntiVirus onto a Mac is weird enough (see below) but the strangest part of this is when you first download it. It comes down from the Microsoft servers as a .msi file. When you run the msi file, which you can only really do on Windows, it extracts a Mac .dmg file.The .dmg file then contains an installer which needs to be extracted from the .dmg so you can run it on your Macs. The intention of this is that you push it out via SCCM of course, but it still feels more than a bit strange to receive Mac software in a msi file.
If you find that confusing to read about, just think about how it felt to my colleague Ian and I when we actually had to deal with it.
[caption id=“attachment_119” align=“aligncenter” width=“470”]
System Centre Endpoint Protection installed on a Mac[/caption]
And the question of whether or not Macs need AntiVirus perhaps isn’t as clear-cut as it used to be these days, so this is quite a timely release on Microsoft’s part. Especially for people who can’t switch off well known vulnerability sinkholes like Java or Flash.
Update: My colleague, Ian, has blogged about his experiences with managing Macs via SCCM. His post contains all the technical details I’ve left out and is very well worth a read. Part 1 of his article (here) details our experience with the default SCCM client for the Mac, and Part 2 (here) will detail the results of taking up the kind offer from Carlos / Parallels in the comments below.