There are some cases, however, where policies can't simply add to each other. This is particularly true about features that restrict user access to functionality or features. In these cases, the most restrictive policy is the one that is enforced.
Planning a policy strategy
Determining which policies to apply and how to apply them can be challenging. In most enterprises, a template and organizational guide already exists in the form of Active Directory and Group Policies. Although it may not be ideal to apply every corresponding policy (and there may not always be corresponding policies between Windows and OS X), your existing policy structures often provide an excellent starting point. It also makes a great deal of sense to leverage your existing groups or organizations units within Active Directory for applying user-based policies.
Determining Mac-based policies may take a bit more thought. Again, you can use your existing PC organizational units or structure as a guide, but you may find it more efficient and effective to create Mac-specific units or groups.
It's also important to note that most tools that apply Mac management support leveraging your Active Directory environment -- even Active Directory itself -- aren't the source of the policies as it is with Windows Group Policies.
In the final piece of this series, I'll look at the various tools used to manage Macs as well as OS and app deployment options. If you'd like additional details on Mac (and iOS) policy options and configuration file structure, check out Apple's Profile Manager documentation.
Sign up for Computerworld eNewsletters.