Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Accept all cookies Reject all non-essential cookies Find out more

Managed macOS laptops and desktops

How to use an Orchard managed macOS computer

Introductions

All new Mac computers need to be registered with WIN's Orchard Apple management system. This service enabled simple installation and updating of a suite of core software packages and allows us to meet basic information governance requirements (for example being able to confirm that your device was encrypted should it be lost).

Users will still be issued with a local admin account and have full control over their computers, but you must agree not to attempt to remove the computer from the management system.

Some of the reasons we use Orchard include:

  • To ensure compliance with WIN IT security policies. This includes encryption, anti-virus and operating system and software updates.
  • Orchard includes a software package manager allowing end users to install commonly used applications easily and includes WIN specific options such as VPN and printer setup tools
  • In the event of a device being lost or stolen it can be temporarily locked until located or remotely erased to prevent loss of sensitive WIN data. 
  • Auditing and inventory.

There is an introductory guide available at https://help.it.ox.ac.uk/orchard  and generic user documentation at https://docs.orchard.ox.ac.uk. Read on for some WIN specific information 

Getting started with AN ORCHARD MAC

User accounts

WIN require that you use a non-admin account for day-to-day activities. You will be provided with such an account and an admin account called 'ladmin' - when installing new programs or updates you may be prompted to provide an admin password, use this account for this purpose. 

If you are WIN user receiving a replacement Mac we recommend transferring your account across from your old Mac using Apple Migration Assistant. When prompted only select your user account. Do not bring applications or other accounts across from the old Mac. Migration Assistant may need to be left running for several hours depending on the amount of data in the account. If Migration Assistant fails an an alternative, accounts can be migrated across using an rsync procedure. This is documented on the Migrate data from an old Mac to a new Mac page

IMPORTANT Apple FileVault disk encryption is enabled and you should be aware that by default only the non-admin day-to-day standard account account can unlock the disk from the main login screen at Mac start-up. Once this is done you can logout and back in as ladmin if need to perform system maintenance tasks. An admin account may optionally allow other accounts to unlock the disk at startup by visiting System Preferences/Settings. Please contact WIN IT if you require assistance https://docs.orchard.ox.ac.uk/FilevaultEncryption 

Install WIN specific Tools

Visit the Orchard self service application in your Mac's dock to install Oxford VPN, FMRIB Forticlient VPN,  PaperCut Client for FMRIB printing and authorise XCode which you may need for Python or software development using Apple's compiler.

Orchard Self-Service application window

Install applications

Use the Orchard Software Centre in your Mac's dock to install new applications.
OrchardSoftwareCentre-screenshot.png
MATLAB, EndNote, SPSS etc should be available there. Please try to avoid installing applications manually if they are available in this (or Apple's App Store) store. Orchard installed apps should update automatically. Check for your desired app in Orchard Software centre first. A list of available application versions can be found at https://docs.orchard.ox.ac.uk/Software/List  and further information at https://docs.orchard.ox.ac.uk/OrchardSoftwareCentre.

FSL is not currently available from within the Orchard software centre. Install FSL in the usual way by following the instructions at https://fsl.fmrib.ox.ac.uk/fsl/fslwiki/ . By default, FSL is installed into your user account home directory (at ~/fsl/), and does not require administrative privileges.

Microsoft 365 (Office 365) should come preinstalled on all Orchard Macs.  However, to enable all features you should sign-in to your Nexus 365 to enable all features. Do this by opening one of the apps (e.g. Word) and choose 'Sign in' from the Word menu.

Install and configure backups

You may install CrashPlan (Code42) for cloud backup from https://help.it.ox.ac.uk/hfs-code42-cloud-backup-service  CrashPlan installation will require that you temporarily change your regular day-to-day account from ‘standard’ to ‘admin’ in ‘System Preferences’ ‘Users and Groups’ - there is no need to log out.  Once CrashPlan (Code42) is installed and configured using ‘HFS hub’ change your account back to ‘standard’. Please contact WIN IT if you would like assistance.  

Setup VPN for remote access to FMRIB or Oxford University networks

See our VPN pages for details on connecting to the appropriate VPN service.

Your Oxford VPN username is is currently your Oxford remote access account but this will change to your SSO password with MFA code from late April 2024 https://help.it.ox.ac.uk/vpn

Printers

To install the FMRIB/Annexe printers connect the laptop to the FMRIB network (either over ethernet or via the FMRIB VPN) and use the 'Self Service’ application to install ‘PaperCut Client for FMRIB’. To complete configuration, if the PaperCut login window doesn’t automatically appear, click on the printer icon in the menu bar ( papercut-mac-menu-icon.png)

and choose ’Refresh my printers now’. Log in with your WIN credentials.