Home » Apple Manuals » Computer Software » Apple M9547Z/A » Manual Viewer

Apple M9547Z/A Administration Guide - Page 69

Apple Remote Desktop Administrator Access Using Directory Services

UPC - 718908688908

Add to My Manuals
Save this manual to your list of manuals

Page 69 highlights

Apple Remote Desktop Administrator Access Using Directory Services You can also grant Apple Remote Desktop administrator access without enabling any local users at all by enabling group-based authorization if the client computers are bound to a directory service. When you use specially named groups from your Directory Services master domain, you don't have to add users and passwords to the client computers for Apple Remote Desktop access and privileges. When Directory Services authorization is enabled on a client, the user name and password you supply when you authenticate to the computer are checked in the directory. If the name belongs to one of the Apple Remote Desktop access groups, you are granted the access privileges assigned to the group. Creating Administrator Access Groups In order to use Directory Services authorization to determine access privileges, you need to create groups and assign them privileges. There are two ways of doing this: Method #1 You can create groups and assign them privileges through the mcx_setting attribute on any of the following records: any computer record, any computer group record, or the guest computer record. To create an administrator access group: 1 Create groups as usual. If you are using Mac OS X Server, you use Workgroup Manager to make them. 2 After you have created groups, you edit either the computer record of the computer to be administered, its computer group record, or the guest computer record. 3 Use a text editor, or the Apple Developer tool named Property List Editor to build the mcx_setting attribute XML. The XML contains some administrator privilege key designations (ard_admin, ard_reports, etc.), and the groups that you want to possess those privileges. The following privilege keys have these corresponding Remote Desktop management privileges: Chapter 5 Understanding and Controlling Access Privileges 69

Section	Page
Apple Remote Desktop Administrator’s Guide	1
Contents	3
About This Book	9
Using This Guide	10
Remote Desktop Help	10
Notation Conventions	10
Where to Find More Information About Apple Remote Desktop	11
Using Apple Remote Desktop	13
Administering Computers	13
Deploying Software	15
Taking Inventory	18
Housekeeping	22
Supporting Users	24
Providing Help Desk Support	24
Interacting with Students	26
Finding More Information	28
Getting to Know Remote Desktop	29
Remote Desktop Human Interface Guide	29
Remote Desktop Main Window	30
Task Dialogs	31
Control and Observe Window	33
Multiple-Client Observe Window	34
Report Window	35
Changing Report Layout	36
Configuring Remote Desktop	37
Customizing the Remote Desktop Toolbar	37
Setting Preferences for the Remote Desktop Administrator Application	37
Interface Tips and Shortcuts	38
Installing Apple Remote Desktop	41
System Requirements for Apple Remote Desktop	41
Network Requirements	42
Installing the Remote Desktop Administrator Software	42
Setting Up an Apple Remote Desktop Client Computer for the First Time	43
Upgrading the Remote Desktop Administrator Software	44
Upgrading the Client Software	44
Method #1—Remote Upgrade Installation	44
Method #2—Manual Installation	45
Upgrading Apple Remote Desktop Clients Using SSH	46
Creating a Custom Client Installer	46
Considerations for Managed Clients	48
Removing or Disabling Apple Remote Desktop	49
Uninstalling the Administrator Software	49
Disabling the Client Software	50
Uninstalling the Client Software from Client Computers	51
Organizing Client Computers Into Computer Lists	53
Finding and Adding Clients to Apple Remote Desktop Computer Lists	53
Finding Clients by Using Bonjour	54
Finding Clients by Searching the Local Network	55
Finding Clients by Searching a Network Range	55
Finding Clients by Network Address	56
Finding Clients by File Import	57
Making a New Scanner	57
Making and Managing Lists	58
About Apple Remote Desktop Computer Lists	58
Creating an Apple Remote Desktop Computer List	59
Deleting Apple Remote Desktop Lists	59
Creating a Smart Computer List	59
Editing a Smart Computer List	60
Creating a List of Computers of from Existing Computer Lists	60
Importing and Exporting Computer Lists	61
Transferring Computer Lists from Apple Remote Desktop 3 to a New Administrator Computer	61
Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer	62
Transferring Old v1.2 Computer Lists to a New Administrator Computer	62
Understanding and Controlling Access Privileges	65
Apple Remote Desktop Administrator Access	65
Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accoun...	67
Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accoun...	68
Apple Remote Desktop Administrator Access Using Directory Services	69
Creating Administrator Access Groups	69
Enabling Directory Services Group Authorization	72
Apple Remote Desktop Guest Access	72
Apple Remote Desktop Nonadministrator Access	73
Limiting Features in the Administrator Application	73
Virtual Network Computing Access	74
Command-Line SSH Access	75
Managing Client Administration Settings and Privileges	75
Getting an Administration Settings Report	76
Changing Client Administrator Privileges	76
Setting Up the Network and Maintaining Security	79
Setting Up the Network	79
Using Apple Remote Desktop with Computers in an AirPort Wireless Network	80
Getting the Best Performance	81
Maintaining Security	81
Remote Desktop Authentication and Data Transport Encryption	83
Encrypting Observe and Control Network Data	83
Encrypting Network Data During Copy Items and Install Packages Tasks	84
Interacting with Users	85
Controlling	86
Controlling Apple Remote Desktop Clients	86
Control Window Options	87
Switching the Control Window Between Full Size And Fit-To-Window	88
Switching Between Control and Observe Modes	88
Sharing Control with a User	88
Hiding a User’s Screen While Controlling	89
Capturing the Control Window to a File	89
Switching Control Session Between Full Screen and In a Window	89
Sharing Clipboards for Copy and Paste	90
Controlling VNC Servers	90
Setting up a Non–MacOSX VNC Server	91
VNC Control Options	92
Configuring an Apple Remote Desktop Client to be Controlled by a VNC Viewer	93
Observing	93
Changing Observe Settings While Observing	95
Changing Screen Titles While Observing	96
Viewing a User’s Account Picture While Observing	96
Viewing a Computer’s System Status While at the Observe Window	97
Shortcuts in the Multiple Screen Observe Window	98
Observing a Single Computer	98
Observing Multiple Computers	99
Observing a Computer in Dashboard	99
Sending Messages	100
Sending One-Way Messages	100
Interactive Chat	100
Viewing Attention Requests	101
Sharing Screens	101
Sharing a Screen with Client Computers	101
Monitoring a Screen Sharing Tasks	102
Interacting with Your Apple Remote Desktop Administrator	102
Requesting Administrator Attention	102
Canceling an Attention Request	103
Changing Your Observed Client Icon	103
Administering Client Computers	105
Keeping Track of Task Progress and History	105
Enabling a Task Notification Script	106
Getting Active Task Status	107
Using the Task Feedback Display	107
Stopping a Currently Running Task	108
Getting Completed Task History	108
Saving a Task for Later Use	108
Creating and Using Task Templates	109
Editing a Saved Task	110
Installing Software Using Apple Remote Desktop	110
Installing by Package and Metapackage	110
Installing Software on Offline Computers	112
Installing by Using the Copy Items Command	113
Using Installers from Other Companies	114
Upgrading Software	115
Copying Files	116
Copy Options	116
Copying from Administrator to Clients	118
Copying Using Drag and Drop	118
Restoring Items from a Master Copy	120
Creating Reports	121
Collecting Report Data	121
Using a Task Server for Report Data Collection	122
Report Database Recommendations and Bandwidth Usage	123
Auditing Client Usage Information	124
Finding Files, Folders, and Applications	126
Comparing Software	128
Auditing Hardware	130
Testing Network Responsiveness	135
Exporting Report Information	136
Using Report Windows to Work with Computers	137
Maintaining Systems	138
Deleting Items	138
Emptying the Trash	139
Setting the Startup Disk	139
Renaming Computers	140
Synchronizing Computer Time	140
Setting Computer Audio Volume	141
Repairing File Permissions	142
Adding Items to the Dock	142
Changing Energy Saver Preferences	143
Changing Sharing Preferences for Remote Login	144
Setting Printer Preferences	144
Managing Computers	146
Opening Files and Folders	146
Opening Applications	147
Quitting Applications Without Logging Out the User	148
Putting a Computer to Sleep	148
Waking Up a Computer	149
Locking a Computer Screen	149
Displaying a Custom Picture on a Locked Screen	150
Unlocking a Computer Screen	150
Disabling a Computer Screen	151
Logging In a User at the Login Window	151
Logging Out the Current User	152
Restarting a Computer	153
Shutting Down a Computer	153
Starting Up a Computer	154
UNIX Shell Commands	155
Send UNIX Command Templates	155
Executing a Single UNIX Command	157
Executing Scripts Using Send UNIX Command	157
Built-in Command-Line Tools	159
Automating Tasks	165
Working with the Task Server	165
Preliminary Planning for Using the Task Server	166
Setting Up the Task Server	166
Setting Up an Admin Console to Query the Task Server	167
Setting Up Clients to Interface with the Task Server	168
Using Automatic Data Reporting	168
Setting the Client’s Data Reporting Policy	169
Creating a Template Data Reporting Policy	170
Working with Scheduled Tasks	170
Setting Scheduled Tasks	170
Editing Scheduled Tasks	171
Deleting Scheduled Tasks	171
Using Scripting and Automation Tools with Remote Desktop	171
Using AppleScript with Remote Desktop	172
Using Automator with Remote Desktop	175
Icon and Port Reference	177
Client Status Icons	177
Apple Remote Desktop Status Icons	177
List Menu Icons	178
Task Status Icons	178
System Status Icons (Basic)	179
System Status Icons (Detailed)	179
TCP and UDP Port Reference	180
Report Field Definitions Reference	181
System Overview Report	181
Storage Report	184
USB Devices Report	185
FireWire Devices Report	185
Memory Report	185
Expansion Cards Report	186
Network Interfaces Report	186
Network Test Report	188
Administration Settings Report	188
Application Usage Report	189
User History Report	189
AppleScript Remote Desktop Suite	191
Classes and Commands for the Remote Desktop Application	191
PostgreSQL Schema Sample	199

Match case Limit results 1 per page

Chapter 5

Understanding and Controlling Access Privileges

Apple Remote Desktop Administrator Access Using Directory

Services

You can also grant Apple Remote Desktop administrator access without enabling any

local users at all by enabling group-based authorization if the client computers are

bound to a directory service. When you use specially named groups from your

Directory Services master domain, you don’t have to add users and passwords to the

client computers for Apple Remote Desktop access and privileges.

When Directory Services authorization is enabled on a client, the user name and

password you supply when you authenticate to the computer are checked in the

directory. If the name belongs to one of the Apple Remote Desktop access groups, you

are granted the access privileges assigned to the group.

Creating Administrator Access Groups

In order to use Directory Services authorization to determine access privileges, you

need to create groups and assign them privileges. There are two ways of doing this:

Method #1

You can create groups and assign them privileges through the mcx_setting attribute

on any of the following records:

any computer record, any computer group record, or

the guest computer record.

To create an administrator access group:

Create groups as usual.

If you are using Mac OS X Server, you use Workgroup Manager to make them.

After you have created groups, you edit either the computer record of the computer to

be administered, its computer group record, or the guest computer record.

Use a text editor, or the Apple Developer tool named Property List Editor to build the

mcx_setting attribute XML. The XML contains some administrator privilege key

designations (ard_admin, ard_reports, etc.), and the groups that you want to possess

those privileges. The following privilege keys have these corresponding Remote

Desktop management privileges: