Managing Mac Agents

PLUG-IN BASED SOLUTION

The OfficeScan Server (OSCE) natively supports Windows agents. Support for Mac agents is provided by a plug-in to OSCE. Trend's Mac agent is called "Trend Micro Security for Mac" or TMSM. The OSCE plugin is also referred to as TMSM, or the TMSM server.

Because Mac support is provided through a plugin, Mac agent management is completely separate from PC agent management. Even though TMSM runs as a plug-in within OSCE, they are considered to be two separate products.

LIMITATIONS OF TMSM

NO UNIT ADMIN ACCESS TO THE TMSM CONSOLE

The OSCE plugin architecture restricts direct access to plugins to root and members of the built-in administrator group. This prevents direct access to the TMSM console by unit admins. TMCM is being used to allow units to change the settings on their TMSM agents via policy. This affects units in the following ways:

  • Units will not be able to create or modify TMSM policies during TMCM downtime (unlike with PC's, where units can use OSCE instead)

  • Units will need to submit a Cherwell ticket to have newly added Macs to their unit's domain so that they will be visible in the TMCM console.

NO MIRRORING OF AD OU STRUCTURE

TMSM has no concept of AD, so, by default, each unit has a single TMSM domain under which all of their Macs reside. The AD OU structure is not mirrored in the units's TMSM domain. TMSM policies can still be targeted to specific agents in TMCM, but the UFEM team will need to manually create a sub-domain to be targeted, and move the agents into it.