

On a home computer running OS X, there are still the traditional groups like system, staff, wheel, etc. They're used by the internal workings of the system and you really don't need to worry about them. DO NOT try to change them, delete them, add or remove users to/from them, etc. They are a carryover from the UNIX systems that have been used for decades in institutions like universities, where there may be dozens or hundreds of different groups set up by the system administrators, to manage thousands of individual users with thousands of computers. You really don't need to worry about these groups.

The only groups you really need to concern yourself with are the admin group, and any custom groups you choose to make for the purposes of sharing files between your account and any other local accounts. Users in the admin group can do many things to administer the system, and can elevate themselves to root (unlimited privileges) simply by authenticating with their own password. The root user is the superuser with unlimited privileges.

Ideally, IT admins would be able to deploy GPO-like capabilities for Windows, Mac, and Linux systems from one comprehensive identity management solution. It would be even better if they could do so from a holistic cloud-based IDaaS platform that was designed for modern IT networks.


Microsoft pioneered the concept of Group Policy when they introduced the Active Directory® (AD) platform in 1999. Group Policy Objects are the manifestation of this concept. GPOs are effectively templated commands and scripts that enable IT admins to configure screen lock timeout, disable USB ports, and control a wide array of Windows system behaviors. In essence, they enable IT to manage fleets of Windows systems from one central management platform. Group Policy is definitely a powerful function of the AD platform.

The challenge is that GPOs cannot be applied to non-Windows systems without the help of add-on tools. That means IT admins will have to devote significant time and resources to configure the same system policies granularly on Mac and Linux, or add complexity with multiple add-on solutions. Another issue for cloud-forward IT organizations is that GPOs are deployed from AD on-prem. In other words, IT must be willing to accept the cost and hassle of AD on-prem, all the while knowing that it can only solve part of their system management needs.
