Archive

Archive for the ‘Apple Remote Desktop’ Category

Using directory membership to manage Apple Remote Desktop permissions

August 22, 2018 3 comments

Apple Remote Desktop (ARD) is a screen sharing and remote administration tool that just about every Mac admin uses at some point. Configuring access permissions for it can be done in several ways:

  1. Using System Preferences’ Sharing preference pane to configure the Remote Management settings.
  2. Using the kickstart command line utility to grant permissions to all or specified users
  3. Using the kickstart command line utility to grant permissions to members of specified directories.

The last item may be the least-known method of assigning permissions, but it can be the most powerful because it allows ARD’s management agent to be configured once then use group membership to assign ARD permissions. For more details, please see below the jump.

Read more…

Enabling least-privilege screensharing using Apple’s Remote Desktop Client and Screen Sharing.app

July 7, 2017 3 comments

In a number of Mac-using environments, there is often a need for IT staff to remotely connect to a Mac’s screen using Apple’s Remote Desktop application and work with the person on the other end to resolve a problem. However, there can be several technical and human-centric issues with enabling remote assistance:

  1. Authentication – To enable access using a username and password, that user account must be granted access rights by belonging to a group or by explicitly granting rights to a local account.
  2. Password rotation – If you’re enabling screensharing via granting access to a local account, the security requirements in most environments mandate that those passwords be changed on a regular basis. However, securely changing the account password on multiple remote Macs can be a management challenge on its own.
  3. Access privileges – A lot of folks don’t like the idea that someone they don’t know can take over access to their keyboards and screens without the remote customer saying it’s OK for them to do so. Frankly, I’ve been on both sides of this fence and I don’t like it either.

However, there is a way to enable screen sharing using Apple’s Remote Desktop Client and Apple’s Screen Sharing.app which does the following:

  • Removes the need for any account to be enabled for screen sharing access
  • Mandates that all screen sharing access be approved by the logged-in user
  • Does not allow screen sharing access if no user is logged in.

For more details, see below the jump.

Read more…

PATH environment variables and Casper 9.8

September 24, 2015 1 comment

In the wake of the release of Casper 9.8, where the Casper agent’s jamf and jamfAgent binaries have made their planned move from /usr/sbin to /usr/local/jamf/bin, a number of Casper-using folks who were used to running commands that referenced the jamf and jamfAgent binaries from Apple Remote Desktop (ARD) or other tools began to see errors that indicated that the jamf and jamfAgent binaries could not be found.

Screen Shot 2015 09 23 at 8 23 05 PM

Screen Shot 2015 09 23 at 8 11 28 PM

Conversely, opening a Terminal session and running the exact same command works fine.

Screen Shot 2015 09 23 at 8 21 14 PM

Why are different tools acting differently? The root cause is that they each have different PATH environmental variables, usually referred to as $PATH. For more details, see below the jump.

Read more…

Using Apple Remote Desktop Admin to help script ARD kickstart options

March 7, 2013 7 comments

Apple Remote Desktop is a tool that just about every Mac admin uses at some point. The client is built into OS X and it’s usually straightforward to turn on. It also includes a command line tool called kickstart which can be used to configure the Apple Remote Desktop client. The kickstart tool is useful because you can use it to script your configuration. That said, if you have a complex ARD configuration, getting the kickstart options correct can be tricky.

One way to help with this is to have Apple Remote Desktop Admin do the kickstart configuration work for you. See below the jump for the details.

Read more…

Fixing the Apple Remote Desktop client when it crashes repeatedly

May 3, 2010 7 comments

On a few of my servers, I’d recently begun running into a problem where the ARDAgent process (which is the process for the Apple Remote Desktop client) was crashing repeatedly. It would launch, crash, relaunch, crash, relaunch, crash, relaunch, etc. every few minutes. The common factor seemed to be that it was happening on my 10.4.x Macs (I didn’t see the problem on 10.5.x or 10.6.x Macs) and would persist across reboots, reinstalls and everything else I could think of.

I’d seen a number of folks with the same problem, but I didn’t find a solution until I ran across this Apple Support Discussions thread.

——-

I have run into a similar problem a couple of times but today was the first time I was actually able to resolve it!

The fix I used is to remove the /Library/Application Support/Apple/Remote Desktop/Client directory and restart the client. For whatever reason the tasks.plist in the Tasks folder found inside the Client directory above seemed to be corrupt; removing it seemed to do the trick.

Restarting the Agent from the command line: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent

Hope this helps!

Jonathan

——-

I tried it out on my own servers, and it looks like it has resolved the problem! Here’s what I did:

1. Logged in with an admin account.
2. Opened Terminal.
3. Ran the following command to stop the Apple Remote Desktop client:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -agent -stop

4. Ran the following command to remove the /Library/Application Support/Apple/Remote Desktop/Client directory:

sudo rm -rf /Library/Application\ Support/Apple/Remote\ Desktop/Client

5. Ran the following command to restart the Apple Remote Desktop client:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -agent -restart

I LOVE Apple Remote Desktop today.

April 20, 2006 Leave a comment

I just got done making sure that some software needing for a training class tomorrow was pushed out to 50-odd PowerBooks. It took three hours to run the job. I was able to start the job from a PowerBook running Apple Remote Desktop remote administration software (ARD), then leave. Three hours later, I connected from home using my laptop’s ARD software to the ARD PowerBook via work’s VPN, took control of the ARD PowerBook and double-checked the training laptops to make sure they all had both the software installed and the training files. In between setting up the job and checking on its completion, I’d driven home, gotten some dinner, chatted with my future mother-in-law about a plumber visit tomorrow and talked to my best friend on the phone. Without ARD, I could have been in that training room all that time installing that software on those 50-odd machines. No thanks! Thanks to ARD, I didn’t have to. That’s why I love ARD today. 

Categories: Apple Remote Desktop

Script-only installer packages for download.

April 2, 2006 4 comments

I had a request from Michael Augustson on the Apple Remote Desktop mailing list if I can post a link to a collection of the script-only installer packages that I’ve used with Apple Remote Desktop 1.x and 2.x. Since I’m a nice person, I’m doing just that. For all those who are interested, I’ve saved a disk image with a number of script-only installer packages, with some other additions that I’ve found useful, up to my .Mac account at http://homepage.mac.com/flounder/packages.dmg
 
Here’s what’s on the disk image: 
 
Script-only Installer packages for use with Apple Remote Desktop 
 
Clear Caches.pkg – Clears the following files from the target Mac’s boot disk, then restarts the Mac: 
 
All files in /Library/Caches/ 
All files in /System/Library/Caches/ 
All files in ~/Library/Caches/ 
/var/vm/swapfile0 
 
Software Update.pkg – Runs the following commands on the target Mac: 
 
Repairs permissions on the target Mac’s boot disk 
Runs the softwareupdate command with the -q, -i, and -a flags to quietly install all available software updates from the Software Update server. 
Repairs permissions on the target Mac’s boot disk again 
Restarts the Mac 
 
Software Update – No permissions repair.pkg – Same functions as Software Update.pkg, but without the permissions repair (Useful if dealing with Macs with iTunes 6.0.3, which hangs up permissions repair.) 
 
Software Update with cache clean.pkg – Runs the following commands on the target Mac: 
 
Repairs permissions on the target Mac’s boot disk 
Runs the softwareupdate command with the -q, -i, and -a flags to quietly install all available software updates from the Software Update server. 
Repairs permissions on the target Mac’s boot disk again 
Clears the following files from the target Mac’s boot disk: 
 
All files in /Library/Caches/ 
All files in /System/Library/Caches/ 
All files in ~/Library/Caches/ 
/var/vm/swapfile0 
 
Restarts the Mac 
 
SSH_start.pkg – Starts the SSH service on the target Mac 
 
SSH_stop.pkg – Stops the SSH service on the target Mac 
 
Other Installer packages 
 
Repair Permission script install.pkg – installs a script into the /etc/periodic/daily, to repair permissions on the target Mac’s boot drive as part of the Mac’s daily maintenance tasks that are run at 3:30AM. 
 
 
Virex Script Installer packages 
 
Virex 7.2 Scripts folder – contains installer packages for Bruno Corbage’s Virex 7.2 scripts (more information available at http://www.versiontracker.com/dyn/moreinfo/macosx/17452
 
Virex 7.7 Scripts folder – same scripts, updated for use with Virex 7.7 and 10.3.x/10.4.x 
 
 
Other Applications 
 
Slipy – Application to use with making custom 10.3.x installer DVDs (no longer available from author.) More information available from http://www.macupdate.com/info.php/id/15568. 
 
 
 
Use them in good health! 

%d bloggers like this: