Credant has added support for managing FileVault 2-encrypted Macs to Credant Enterprise Edition for Mac 7.5.x. Based on my working with it over the past couple of weeks, it looks like a solid solution for managing FileVault 2 encryption on both 10.7.x and 10.8.x. For more details, see below the jump.
A recent discussion on the MacEnterprise list focused around how to give members of Active Directory groups the ability to run commands as root using the sudo command-line utility. This would allow the users in those groups the ability to run some or all commands with root privileges in Terminal without having to give those accounts administrative privileges on the Mac in question.
To do this, you would need to add an entry to the /etc/sudoers file. /etc/sudoers gives listed users or groups the ability to execute commands while having the privileges of the root user.
To edit /etc/sudoers safely, make sure to use the visudo utility. This application will do a sanity check on your changes to /etc/sudoers before putting them into production.
visudo uses vi as its editor. If you haven’t used vi previously, I recommend doing some research on vi commands before launching visudo.
Adding entries to /etc/sudoers
Adding the following entry to /etc/sudoers would allow you to give full sudo permissions to an AD group named ITadmins:
%DOMAIN\\ITadmins ALL=(ALL) ALL
Because a number of AD groups have spaces in the names, you’ll need to escape the spaces using backslashes. For example. adding the following entry to /etc/sudoers would allow you to give full sudo permissions to an AD group named Group Name With Spaces:
%DOMAIN\\Group\ Name\ With\ Spaces ALL=(ALL) ALL
In both cases, replace DOMAIN with your AD domain’s name.