Mac Configurations

MacBook Initial Startup steps:

When you get the MacBook from ITAM they should already been ADM and intune with MDM enrollment completed

  1. Open the lid – MacBook will come ON automatically
  2. Follow the screen instructions very carefully
  3. You will be prompted to how you need to connect to the network via Wifi or local ethernet
  4. You will be prompted to enter the user’s account – have user put in their county login credentials – this step is required
  5. For the computer account you MUST create one this will be the local admin account otherwise you will not be able to go on to the next step
  6. When the initial startup enrollment is completed you now on the desktop
  7. Click on Settings
  8. General
  9. Software Updates
  10. Click on Updates for any new updates
  11. When all updates are installed now you can follow the steps below to join the device to the domain

Join MacBook to the domain OS version “Ventura or Sonoma”

To join a company MacBook to the domain, follow the steps below:

  1. Go to System Settings > Users & Groups.
  2. Click Edit on Network Account Server
  3. Click on Open Directory Utility
  4. Click the lock icon bottom left corner to unlock and enter the local Mac’s administrator password.
  5. Double Click on Active Directory and ether the local administrator password
  6. Click Options.
  7. Under User Experience:
    1. √ check local home directory on startup disk
    2. √ check Use UNC path from Active Directory to derive network home location
    3. Network protocol to be used: smb;
    4. √ check Default user shell: /bin/bash
  8. Under Mapping: leave all unchecked
  9. Under Administrative: √ check Allow administration by and click on the + symbol and enter the following one at a time.
    1. domain admins
    2. enterprise admins
    3. isdgglocaladmins
    4. scclocaladmin
  10. √ Check Allow authentication from any domain in the forest
  11. Click OK
  12. Active Directory Domain: Sccgov.org
  13. Computer ID: enter your device name
  14. Click “Bind
  15. Unsername: your field account (must have privilege to join mac devices if getting error see Shawn)
  16. Password: your FS account password
  17. Computer OU: OU=ISD,OU=SCCComputers,DC=sccgov,DC=org
  18. Make sure both boxes are check and Click OK
  19. If successful you will see the domain name in Green
  20. Restart
  21. At the logon screen you will see the Local Mac Account as the default please wait 10-15 seconds to allow the Mac to sync with the active directory to allow domain user to login.
  22. After 15 seconds or more you now hover the mouse on the picture and you will see another user click on that to login with your county personal login.
  23. Please note you WILL NOT see your desktop like the normal PC, but your network drives should be available for access
  24. Click on Finder on the taskbar to get to the network folders
  25. Also please note that HHS field support technicians are not trained to work on Macbook, but you can try calling your organization’s help desk.

Ping the device host name now it should be online and getting the IP address.  RDP into the device now.

Installing Apps required by county CISO

  1. Zscaler
  2. Qualys
  3. CrowdStrike
  4. Microsoft 365
  5. Microsoft Edge