Managing Macs in Your Windows Environment
At a Glance:
- Setting up a Mac on your network
- Troubleshooting network problems
- Sharing files and folders among Macs and Windows-based systems
- Using network printers for your Mac
The Mac family of computers from Apple is becoming increasingly popular on more and more networks. For instance, at the end of 2007, Digital Trends reported that the US Army uses about 20,000 Macs on a regular basis. This is one part of a larger program that is intended to increase diversity in the computing base so that a single attack (such as a virus) would not impact all of its computers.
Macs can become a part of a primarily Windows-based network for a variety of reasons. Someone on the network may simply think Macs are cool, users who own Macs at home may want a similar computing experience at work, or users who have been trained on Macs may opt to work on Macs. Whatever the reason, it happens, and you need to be prepared for the time when, as a Windows network administrator, you have to deal with Macs in your environment.
You may not think so, but this actually creates a fantastic opportunity for you as an IT professional. Instead of being like many administrators who "don't do Macs," you can be the IT guy who will do whatever the organization needs—whether it be supporting Macs or Windows. This can greatly increase your value to the organization, broaden your resume (for promotions and future job prospects), and bring a little something different to your daily routine. Fortunately, current Mac client computers aren't very difficult to support. In fact, you'll be surprised at how similar they are to Windows computers.
The Internet has played an enormous role in bringing Macs and Windows closer together. Internet technologies were based primarily on technologies found in UNIX operating systems, such as the TCP/IP protocol suite. Over the past decade or so, Windows has adopted many of those protocols for standard operations, such as networking, printing, and even authentication. The current Mac operating system, Mac OS X 10.5, is actually based on the BSD (Berkeley Software Distribution) UNIX platform, and thus it uses many of the same protocols under the hood. Sure, the Mac UI differs from the Windows UI, but what's happening underneath those UIs is becoming increasingly similar.
Getting on the Network
The first challenge to integrating Macs in the infrastructure—getting them on the network—has definitely gotten easier. While older Macs support TCP/IP, Macs have always been known to rely primarily on the AppleTalk protocol, a proprietary network protocol known for its chattiness. In fact, the Microsoft Services for Macintosh solution gave Windows Server the ability not only to speak AppleTalk but also to emulate a Mac for file and print sharing.
What many people don't know is that AppleTalk has officially been a dead protocol for many years. Apple itself turned off AppleTalk in the late 1990s, and most infrastructure devices (routers and so forth) stopped supporting it in the 2001 and 2002 timeframe. Today, Macs are almost purely TCP/IP. Click on the omnipresent Apple menu at the top of the screen, select System Preferences (the Mac equivalent of the Windows Control Panel), and double-click Network to configure the network.
Figure 1 shows you that the available networking interfaces—Ethernet, the wireless AirPort, and so forth—are easily configured to use Dynamic Host Configuration Protocol (DHCP), which is the default. And just like the latest versions of Windows, the Mac now supports IPv6.
Figure 1 Configuring networking interfaces on a Mac
Clicking Advanced will allow you to configure more details on TCP/IP, DNS, and even WINS. (Anyone still using WINS out there?) You can enable AppleTalk if the system needs to communicate with older Macs, and modern 802.1X authentication is available. As shown in Figure 2, you can manually configure various protocol proxies or allow proxy configuration to occur automatically by means of a PAC file.
Figure 2 Configuring proxy settings on a Mac
So much for AppleTalk! You might, however, be interested in a TCP/IP-based advertising and discovery protocol that Macs use. This protocol is called Bonjour, and there's a version of it available for Windows, too. (It's important to note that Bonjour was called Rendezvous while under development, and it is still referred to by that name in some older technical documents.)
You can think of Bonjour as a spiritual successor to NetBIOS, although it bears a stronger resemblance to Universal Plug and Play (UPnP), another protocol supported by both Mac and Windows. The main purpose of Bonjour is to advertise available services such as file sharing, printers, and remote speakers (used by Apple iTunes and Apple TV).
Bonjour isn't a broadcast-based protocol, so it isn't as chatty as you might think, though it does put a noticeable amount of additional traffic on the network. It can be disabled: in a corporate environment where you're not relying on computers being able to advertise and discover services, disabling Bonjour can remove a bit of overhead from the network. To disable Bonjour, just open a terminal window (the Mac command-line window, which typically runs the UNIX BASH shell) and run:
launchctl unload -w
Note that disabling Bonjour can make some of the built-in Mac applications, perhaps most notably iChat, behave a bit oddly. If you plan to allow internal apps like iChat (which is compatible with AOL Instant Messenger, which some companies allow internally), you should do some testing first to make sure everything works as expected.
Once on the network, Macs behave in almost exactly the same way as your Windows clients behave. They use DHCP to get an IP configuration, they auto-configure IPv6 if you're not providing an IPv6 configuration via DHCP, they use your DNS and proxy servers, and so forth.
Troubleshooting the Network
Macs offer two distinct ways to troubleshoot the network. One approach will be more familiar to Windows administrators because it utilizes many of the command-line tools you already use. You start by clicking on the desktop wallpaper of the Mac—this activates Finder, which is the Mac equivalent to Windows Explorer.
You can then press Shift+Command+U to open the Utilities folder. Now double-click Terminal to open the BASH shell. Here you have access to most of the common network troubleshooting tools—Ping, Traceroute (it's not tracert, but it does work the same way), Nslookup, and more. Figure 3 shows a few of them in action. Note that ipconfig is available, but it is a very different—and more powerful—command than what you get in Windows. You'll need to take some time to learn how to use ipconfig on the Mac, though you might find that the Mac UI offers an easier way to access this information.
Figure 3 Using some familiar network troubleshooting tools on the Mac
If you'd rather not use a command line, you can use the Network Utility application, which is an excellent all-in-one tool with a graphical UI (see Figure 4). The Network Utility application can be found in the same Utilities folder where Terminal is located.
Figure 4 The Network Utility app gives a graphical UI to network troubleshooting
Network Utility provides a graphical UI for Netstat, Ping, DNS Lookup, Traceroute, and more. It even has a built-in port scanner! You can perform most of your network troubleshooting right from this tool. The Info tab even displays the configuration information you would get from ipconfig on a Windows computer.
I've had some users bring up the lack of Spanning Tree Protocol (STP) support in Macs. Most newer networking switches support STP as a means of reducing network overhead and improving throughput. And there's a persistent belief that Macs don't work when STP is enabled.
It is true that the AppleTalk protocol does not work well with STP, and if you must use AppleTalk, you'll have to disable STP on the switch ports used by Apple computers. But as I already mentioned, AppleTalk is considered a dead protocol and there shouldn't be much reason to use it.
My suggestion is that you shut off AppleTalk unless you explicitly need to leave it enabled to support older Macs—and I mean Macs running OS 8 or the very earliest versions of OS 9. That's more than 10 years old! Macs running TCP/IP have no troubles with STP or anything else you may be using to fine-tune your network infrastructure.
You might be surprised to learn that Macs have built-in abilities to connect to Windows-based shared folders. With Finder active, press Command+K (or select Connect to Server from the Go menu). As Figure 5 illustrates, you simply need to enter the protocol prefix smb:// and then the name of the server to which you want to connect. Once that is done, you will be prompted to authenticate, and if you haven't specified a shared folder, you will be prompted to select one.
Figure 5 Connecting to Windows-based shared folders
Unlike Windows systems, Macs don't have drive letters, and, therefore, you can't map a network drive. Instead, connected drives show up in Finder, along with regular, local disks. Connected drives can use FTP, Server Message Block (SMB), or many other protocols. And although Macs don't technically have logon scripts, you can easily configure them to have drives automatically reconnect each time the user logs on.
To do this, open a Finder window to view a list of connected drives. Then open System Preferences and select Accounts. Select the user's account and switch to the Login Items tab. Then drag any connected drives from Finder to the list of login items and ensure that each drive is checked to have it automatically reconnect at login.
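For scripted setups, the same smb:// address typed into Connect to Server can be turned into a `mount_smbfs` command line. This is an added example, not part of the original article; the domain `CORP`, user `alice`, server `fileserver01`, share `projects` and both function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: translate a Finder "Connect to Server" address (smb://...)
# into a mount_smbfs command line. All names below are constructed samples.

# parse_smb_url URL -> prints "user|server|share"; non-zero status on bad input
parse_smb_url() {
    local url="$1" rest authority userinfo="" server share=""
    case $url in
        *"'"*)   echo "refusing address containing a quote" >&2; return 1 ;;
        smb://*) rest=${url#smb://} ;;
        *)       echo "not an smb:// address: $url" >&2; return 1 ;;
    esac
    authority=${rest%%/*}                      # [user@]server
    case $rest in
        */*) share=${rest#*/}; share=${share%%/*} ;;   # first path element only
    esac
    case $authority in
        *@*) userinfo=${authority%@*}; server=${authority##*@} ;;
        *)   server=$authority ;;
    esac
    # A password in the address ends up in shell history and process listings.
    case $userinfo in
        *:*) echo "refusing address with an embedded password" >&2; return 2 ;;
    esac
    # Only host-name characters are accepted for the server part.
    case $server in
        ""|*[!A-Za-z0-9.-]*) echo "bad server name: $server" >&2; return 1 ;;
    esac
    printf '%s|%s|%s\n' "$userinfo" "$server" "$share"
}

# smb_mount_command URL MOUNTPOINT -> prints the command; it does not run it
smb_mount_command() {
    local parsed user server share
    parsed=$(parse_smb_url "$1") || return $?
    IFS='|' read -r user server share <<EOF
$parsed
EOF
    # Finder asks which share to use; mount_smbfs must be told.
    [ -n "$share" ] || { echo "no share in address: $1" >&2; return 3; }
    printf "mount_smbfs '//%s%s/%s' '%s'\n" \
        "${user:+$user@}" "$server" "$share" "$2"
}

# Constructed sample: domain CORP, user alice, server fileserver01.
smb_mount_command 'smb://CORP;alice@fileserver01/projects' "$HOME/projects"
```

The mount point directory must exist before the printed command is run, and because no password is placed in the address, `mount_smbfs` asks for it at run time.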
Likewise, Macs can share local folders with Windows clients. In System Preferences, you need to open the Sharing panel and enable the File Sharing option, as shown in Figure 6. Then add whatever folders you like to the list of Shared Folders. This procedure is different from the one on Windows. In Windows Explorer, you would right-click the folders you want to share and configure sharing on the folder itself. With a Mac, you centrally control the list of folders to be shared.
Figure 6 Enabling the File Sharing option on a Mac
This is also where you control Mac permissions. But Macs, given their UNIX base, have a simpler system of permissions than Windows has. Essentially, on each folder, you can assign Read, Read & Write, Write Only, or No Access permissions to any user or group. One helpful trick is to click the Options button in the Sharing pane and ensure that files are being shared using SMB, the protocol Windows clients know how to use. The default is to share only via Apple File Protocol (AFP), which is accessible only to other Macs.
Printing from a Mac can be tricky—not because printing is difficult to set up, but rather because there are so many options from which to choose. The first step, obviously, is to find out the type of printer to which you're printing and then to obtain a Mac-compatible device driver for it. Note that this step can be difficult for older printers, but here is a short list of rules that can help you find the right driver:
- Newer inkjet printers, especially those from Canon, Epson, and HP, typically have Mac drivers. Check the vendor's Web site.
- Apple is notorious for making sweeping changes to the printing subsystem in minor version releases. So it's important to always match printer drivers to the major and minor version number of the Mac OS. A printer driver written for OS 10.2 might not work with 10.5.
- Laser printers are the toughest to find specific drivers for, but you can usually use either a generic HP PCL driver or a generic PostScript driver, depending on which of these two printer control languages your laser printer supports. Adobe publishes a free, generic PostScript driver for Macs, and a free open-source PCL driver for Macs is available at sourceforge.net.
Newer versions of the Mac OS, on the other hand, use a licensed version of the Common UNIX Printing System (CUPS), which makes it much easier for vendors to write drivers. It's important for you to understand that Macs don't work with the Windows Point and Print system, which means you cannot simply store the Mac printer driver on a Windows print server, as you can for different versions of Windows. And Macs aren't able to utilize the print server's printer driver, either.
Instead, Macs need to have their own locally installed printer driver. The printer driver is responsible for accepting print data from an application and then generating the print spool file. How the spool file gets to the printer depends on what type of printer you're using.
With the right driver installed, you can then set the printer up in System Preferences, under the Print & Fax panel. You'll see that Macs support a variety of methods for connecting to printers:
- Line Printer Daemon (LPD) is supported by UNIX print servers, by Windows servers running Microsoft Services for UNIX, and by most printers attaching directly to the network or attaching by means of a network print server device.
- HP JetDirect connections are supported directly.
- Internet Printing Protocol (IPP), which is based on HTTP and used within CUPS, is supported by many remote-printing services offered at hotels and other venues.
- Windows printers shared by a Windows server or client computer (see Figure 7) are supported, as Macs have the ability to browse Windows workgroups (which they detect by using the network browse master) or domains.
- Bluetooth printers aren't typically used in an enterprise situation, but if you have a user who needs a personal printer, this provides an easy way to connect to one.
- AppleTalk, which of course requires that the AppleTalk protocol be turned on, is useful for connecting to older printers that support AppleTalk.
- Vendor-specific connectivity, such as Canon IJ Network, Epson FireWire, Epson TCP/IP, HP All-in-One faxes, and HP IP Printing.
- Bonjour is supported by many newer network printers designed for small office and workgroup use (such as many of the newer networked all-in-one devices), allowing printers to advertise their presence and making it possible for Macs to quickly locate them.
Figure 7 Accessing shared Windows printers
From a Windows perspective, the ability for Macs to connect directly to Windows printers, and to connect to LPD printers, will be the most useful option for you. Keep in mind that Windows print servers often use either LPD or JetDirect to connect to physical print devices.
While a Mac can indeed connect directly to the physical printer using the same protocol, remember that you won't be able to use the Windows server computer to manage the print jobs submitted by the Mac. As an alternative, having the Mac submit print jobs to the Windows server, rather than directly to the printer, allows the Mac print jobs to be prioritized and managed along with the print jobs being submitted by your Windows client users.
Embrace Your Macs
As you can see, getting Macs running on your network and providing them with basic infrastructure services such as networking, file sharing, and printing isn't all that different from providing those same services to Windows client computers. In fact, Macs are becoming increasingly capable as full-fledged clients on a Windows network—so much so that I've started running a regular series of Mac interop articles on my blog.
The mission of striving for an entirely homogeneous network is fading fast, as businesses recognize that different platforms offer different strengths that can be exploited to increase productivity. The use of open and well-understood protocols in Windows makes it easy to incorporate other client platforms. And, of course, the fact that Macs use the same protocols makes it easier to integrate and support Mac systems in your Windows environment.
I hope you found this information helpful in your quest to become the IT guy who does it all, Mac or Windows!
is the coauthor of Windows PowerShell: TFM and the author of dozens of other IT books. Reach him through his blog at www.concentratedtech.com