The difference between administering Mac OS vs Windows machines

What's the difference between administering Mac OS vs Windows machines in terms of :

- difficulties encountered

Depends on what you mean by difficulties. The tools for administering the machines on a LAN are not as mature and well developed as the ones for Windows, so things that a Windows admin would normally do easily enough with Group Policies may be frustrating on a Mac LAN at times. Apple seem to be completely clueless about Systems Administration needs and requirements at times, so you will find some areas are very easily managed and other things that require a lot of time and trouble to get right. And it may well be the obscure things that are easy and the basic things that are difficult.

However, OSX being based on UNIX means that you have a wealth of tools and stuff available from that world to help you out.

One area that may complicate mac systems administration in the future is their dropping of the xserve and only having limited options available to run OSX server on now (The Mac Mini and Mac Pro are fine choices for a small business or branch office but might not work too well in a datacentre environment). Depending on the size of your mac environment (and therefore the amount of server-side stuff you need to administer them well) you may find those inadequate or difficult to work with.

• access control
• security

Being based on Unix, the mac generally uses the Unix security model (e.g. for permissions, user access, etc). Being a Mac, it has a few twists of its own to this model and a decent gui interface to make using this fairly simple.

Modern Mac OSes also support ACLs for things like file permissions, so in theory you get the best of both worlds. In practice... it works well enough but you can still find a few frustrating areas here and there.

• the number of calls to the helpdesk (is it lower?)

We get less calls for our macs than we do our windows machines, yes. I mean we get less calls for Macs than Windows machines because we have fewer macs, but we also get less calls proportionally, if you see what I mean. However, we still do get a few calls, especially from people who have never used a Mac before and struggle because its different to what they are used to.

At the end of the day, the biggest cause of calls isn't usually the OS itself but rather the applications, so I suggest that the applications are where you should be looking.

Our Macs generally run MS Office (and we do get some calls on that, usually where its not 100% compatible with our Windows version), Adobe Creative Suite (actually causes us less problems on Mac OSX) and Final Cut Pro (A very specialist bit of kit, we don't get many calls about this at all but only because specialist training and hand holding is given to people who use it here).

If you run a mixed environment then you can expect a few extra calls from all the platforms you support along the lines of "I know how to do x on OSbar, how can I make OSfoo do x in exactly the same way?"

An answer to that question highly depends on wether you talk only about clients or if you think about using Mac servers as well.

First, the clients:

• Security and access control is somewhat comparable to Windows, at least for small to medium sized organizations it should be possible to model any permission/security model you need with the tools offered by MacOS.

• Management of the clients is a mixed bag. On one side, tools are not as mature as under Windows and there is only a small selection of third-party tools available to help you managing your systems. On the other hand, one major advantage of MacOS is that you can run any machine in your environment from the same OS image (nowadays restricted to any Intel Mac, meaning any system Apple sold since since 2006), which can simplify initial system deployment considerably and makes it easy to reset any troubled machine to a known good state.

• Difficulties encountered: Integration with other systems, including Active Directory is possible, but can be quite bothersome, especially if you need very special configurations. This is due to a somewhat limited documentation and the general Apple stance that "they know what's best for you" and don't support any different approach and sometimes even actively try to prevent you from doing things your way.

• Helpdesk calls / user acceptance: I don't have any hard numbers except that, historically we got less calls per Mac machine than per Windows machine. In recent years, this difference got somewhat smaller but is still present. My experience (not backed up by numbers) is that computer beginners have less problems with Macs than with Windows machines and also Windows users forced to use a Mac tend to have less problems than Mac users forced to use Windows. I have a feeling that the latter might partly be the result of an emotional reaction, as certain Mac users consider their choice as a lifestyle/fashion/whatever statement.

All in all I would say that while Mac clients are a fine choice for small to medium sized businesses or education and research lab applications, they are a poor fit if you expect to manage hundreds or thousand of them in a big organization they way you would do with Windows machines.

Second, the server:

Should you consider to newly establish an environment with MacOS Server as a server OS, you should think twice. Since Apple will discontinue the XServe systems in January '11, they will have no viable Server system available to run MacOS Server on because Apple's suggestion of either the Mac Mini or the MacPro as a server isn't a real option.

Given this fact, I highly doubt they will actively continue to really develop MacOS Server or their XSan product any further, leaving their customers with some products that are in desperate need of major feature enhancements and which, in their current form, can only satisfy very basic needs.

Should you decide to go forward with this anyway, some hints on the pros and cons of MacOS Server:

• Actually, it's really easy to get up and running if you plan to offer basic fileserver and workgroup functionality for a small number of MacOS clients, and you can even add Windows machines to the mix without too many problems. It's way easier than with i.e. Windows Small Business Server, IMHO.

• Anything beyond the basics can become painfully difficult to achieve. This is due to the fact that the GUI admin tools are very limited in their functionality and the Unix foundations of the OS are "enhanced" with Apple-isms which are often undocumented and don't work like you would expect it from Linux or Unix.

• Enhanced features of some types of hardware is often unavailable for Mac systems, ie. multipathing for FC storage systems.

• The system itself has no support for any kind of high availability infrastructure for file services, and while it might be possible to put something together for AFP clients (Macs), this won't work for SMB (Windows) clients as even MacOS Server 10.6 still uses an age old Samba version without any cluster functionality.

• There is no roadmap for Apple products. You never know if and how they will continue their product lines and they have absolutely no problem to discontinue essential product lines on short notice without any considerations for their customers.

One of my current environments consists of a few XServes and around 100 clients (mixed Mac and Windows) and while the decision to use this system was reasonable when I introduced it in 2003, I wouldn't do it again today and in fact, will start to think about the future replacement soon.

Though from a high-level functionality perspective they're very similar they have vastly different management interfaces and scripting APIs.

The big difference is that there is no WMI on OSX. It's a different sort of animal. Group policy for mac is called managed preferences. Apple has put together a webcast on what's available. See Best Practices for Mac OSX client management