Are you saying that Macs require 1/10 of the support effort, or that you feel you are not able to provide as much support as you feel typical enterprise users get?

This is either a testament to the quality of OS X, or to your (and your colleagues') abilities! :D

Just a silly question. Not that you really need it, but there is Norton for the Mac, would that not pass muster?

That is the real reason for IT resistance. They come up with all sorts of rationalizations, but that's the reason.

IT guy: We can't use Macs in our company because they're proprietary and don't integrate into our system.

User: Isn't Windows proprietary? Isn't Active Directory?

IT guy: But it's what I know.

User: Aren't you supposed to be a professional?

IT guy: You just don't understand computers.
:rolleyes:

.
Seems a more cost-effective policy would be to "make sure no PC gets in".
.

.
The problem, of course, is that management and IT will all-too-often treat Microsoft/Windows as the de facto standard. Which unfortunately is arguable due to their market share. But it’s dropping and dropping...
.

Not really. IT began treating Microsoft/Windows as the de facto standard right from the beginning, before there was a market share to measure. Even (especially?) now, market share is really just an excuse. The internet is generally based on standards, and using Microsoft products tends to violate those standards (ie: IE) so that anyone legitimately concerned about standards shouldn't be using their products.

Actually, OS X Server lacks so many "enterprise features" that I am blessed that I get to use the Casper Suite from Jamf software (see http://www.jamfsoftware.com) to manage those 8,000 machines. Apple does do a few cool things like MCX, and straight up POSIX plus ACLs make permissions and access a breeze, but if someone slaps a CD of some software on my desk, how do I get it out to those 8,000 machines? I certainly am not going to use the CD on each one. OS X Server has no application/package deployment technology in it. ARD task server is a joke and inefficient since the machines have to be powered on during the time the task is set or they fail and never retry. I use Casper for that.

Also, the built in netboot and imaging features are not that great. Again, Casper to the rescue. This is my third year running the 1:1 and if I did not have Casper, my life would be so much harder. Apple makes a great end user product, everything else needs vast improvements. There are certain people at Apple that don't care for the enterprise market either, so they don't push that side of Apple all that much. Which is another reason you do not see companies and hospitals using them.

Yes there is a Mac client for Norton, and it does come in useful for certain things. Macro viruses, trojans, and other exploits that still do exist for the Mac. You can't defend against any type of "social engineering" exploit that fools the user to input their admin credentials to install something that is going to damage or root your system. I, even with my limited programming skills, could slip in an installer script in a package that could enable the root account, change the password to what I want, turn on ssh and then email me the results.

Also, let us not forget the month of Apple bugs, and the well known security holes in OS X that took Apple a super long time to fix. To be fair I must say we need to acknowledge two things. 1) Apple has a solid OS based on Unix which for the most part is very secure, and 2) Apple takes a long time to fix known security holes and bugs which can be used as exploits, but they are not all that widely known and most hackers/exploiters don't care.

I am not trying to say if Apple had the same market share as say Microsoft they would have all the same exploits and viruses, because they are too different of OSes to have the same issues when it comes to that. What I am saying is, there will always be potential for such things. Unilaterally thinking that I am using a Mac and therefore I am safe regardless is not a good idea in my mind.

Fingers-

One thing I was going to mention but forgot. When I was talking about how small my department was versus our machines I was trying to parallel the fact that in those types of work environments in IT you don't have the work force to even try to adapt, train, or migrate anything. Most of my job is reactive instead of proactive because I am so far stretched between responsibilities (OD admin, server admin, casper admin, package creation, package deployment, group policy, end user support, training, and so forth) that I hardly have time to work and plan ahead. If my department were bigger, I could focus on such things and specialize perhaps. If your IT department is large enough to do this, then it would be easier to migrate to a new product, slowly train your staff, and help the process along.

Did you take a look into LANRev? I'm looking into that right now, but will have to take a gander at Casper now too. They both seem pretty powerful.

We looked at both, but went with Casper. Have zero complaints, feel free to drop me a line if you got any questions. I am doing some crazy stuff, and Jamfsoftware just did a case study on me which should be published very soon.

@tlarkin -- And just to clarify, what kind of network are you working on? Mixed, PC, Mac, (linux?). I assume Mac, but I just want to be sure. Oh, and what are you using for your servers, there's another good question. I'm assuming Mac, because you mention OSX Server, but I wanted to check.

Network - mixture of Cicso catalyst switches and routers and network controllers with cisco APs running 802.11A radios. By mixture I mean its pure cisco but the models differ depending on replacement cycle. Some are old, some are brand new.

Servers - 33 Xserves - all dual xeons, some Dell blades, some HP Proliants, and the OSes we run are Netware 6.5, SuSe Linux (uh 10.1 Enterprise me thinks), Windows 2003 Server and OS X Server 10.5.8.

clients - 6,000 macbooks, 2,000 iMacs, 6,000 or more PCs (dells, gateways, some custom built), several thousand Acer Netbooks (used for assessment testing in laptop carts), then we got our randoms that directors and executives have: Macbook Airs, Macbook Pros, high end PC laptops, and we also have the small specialty labs of Mac Pros, but those are very few and far between.

Another dumb question, can you administer PCs from OSX Server? Or is that why you have Casper?

No you cannot manage Windows machines from anything but a Windows server, and vice versa for every other platform, which the exception of SuSe Linux (bought out by Novell) which acts as a container over everything.

Casper is a third party, Mac only product (except inventory systems do work on Windows) that is a framework that allows me to install packages, create policies, deploy scripts/pkgs/whatever, mass image computers, and full inventory reporting, plus many other things that I can do with it.

OS X Server offers none of these features.

Just discovered another Mac exclusion: The Olympics. CTV has the rights in Canada (Canadians can't view NBC) and the web site (CTVOlympics.ca) requires Silverlight. Ah well, to hell with the Olympics.

Second that. If they want to load that crap on my computer they're going to have to pay me.

Most likely that stuff was built by the lowest bid contractor though, just as many things are these days. It probably costs a lot less to have a contractor build a product that already exists on top of the majority of their users platform versus something from the ground up that is a better product. That is just business and has nothing to do with technology and/or IT people. Stuff like this happens all the time. Trust me, I sit in meetings and tell the powers that be to not buy a certain product because of the problems we will have with it, and I get completely disregarded and then get stuck supporting that shoddy product. I can't go up to the directors and executives and be like, "I told you so." either when the product they bought only works part of the time.

The only way to fix that is for Apple to be more aggressive and competitive on their business end, because businesses aren't going to change their habits.

But why use Silverlight? Is it cheaper than building a flash player? I thought flash players were the de facto standard these days? (I also thought Silverlight worked on Mac?)

When I looked, the only version of Silverlight for a Mac was version 1 but on the PC it has advanced beyond that. Given the site's choice to use Silverlight in the first place, I wasn't willing to see if the video I wanted to see would work. Just dropped the site a nastygram and quit.

Both Flash and Silverlight are speed bumps on the way to HTML5. We need to get Adobe to stop blocking HTML5 and get on with developing it and other web standards.