Home » Apple Manuals » Computer Software » Apple M9547Z/A » Manual Viewer

Apple M9547Z/A Administration Guide - Page 82

Administrator Application Security, User Privileges and Permissions Security, Password Access Security

UPC - 718908688908

Add to My Manuals
Save this manual to your list of manuals

Page 82 highlights

Administrator Application Security Â Make use of user mode to limit what nonadministrator users can do with Remote Desktop. See "Apple Remote Desktop Nonadministrator Access" on page 73. Â If you leave the Remote Desktop password in your keychain, be sure to lock your keychain when you are not at your administrator computer. Â Consider limiting user accounts to prevent the use of Remote Desktop. Either in a Managed Client for Mac OS X (MCX) environment, or using the Accounts pane in System Preferences, you can make sure only the users you designate can use Remote Desktop. Â Check to see if the administrator computer is currently being observed or controlled before launching Remote Desktop (and stop it if it is). Remote Desktop prevents users from controlling a client with a copy of Remote Desktop already running on it at connection time, but does not disconnect existing observe or control sessions to the administrator computer when being launched. Although this functionality is helpful if you want to interact with a remote LAN which is behind a NAT gateway, it is possible to exploit this feature to get secretly get information about the administrator, administrator's computer, and its associated client computers. User Privileges and Permissions Security Â To disable or limit an administrator's access to an Apple Remote Desktop client, open System Preferences on the client computer and make changes to settings in the Remote Management pane in the Sharing pane of System Preferences. The changes take effect after the current Apple Remote Desktop session with the client computer ends. Â Remember that Apple Remote Desktop keeps working on client computers as long as the session remains open, even if the password used to administer the computer is changed. Â Don't use a user name for an Apple Remote Desktop access name and password. Make "dummy" accounts specifically for Apple Remote Desktop password access and limit their GUI and remote login privileges. Password Access Security Â Never give the Remote Desktop password to anyone. Â Never give the administrator name or password to anyone. Â Use cryptographically sound passwords (no words found in a dictionary; eight characters or more, including letters, numbers and punctuation with no repeating patterns). Â Regularly test your password files against dictionary attack to find weak passwords. 82 Chapter 6 Setting Up the Network and Maintaining Security

Section	Page
Apple Remote Desktop Administrator’s Guide	1
Contents	3
About This Book	9
Using This Guide	10
Remote Desktop Help	10
Notation Conventions	10
Where to Find More Information About Apple Remote Desktop	11
Using Apple Remote Desktop	13
Administering Computers	13
Deploying Software	15
Taking Inventory	18
Housekeeping	22
Supporting Users	24
Providing Help Desk Support	24
Interacting with Students	26
Finding More Information	28
Getting to Know Remote Desktop	29
Remote Desktop Human Interface Guide	29
Remote Desktop Main Window	30
Task Dialogs	31
Control and Observe Window	33
Multiple-Client Observe Window	34
Report Window	35
Changing Report Layout	36
Configuring Remote Desktop	37
Customizing the Remote Desktop Toolbar	37
Setting Preferences for the Remote Desktop Administrator Application	37
Interface Tips and Shortcuts	38
Installing Apple Remote Desktop	41
System Requirements for Apple Remote Desktop	41
Network Requirements	42
Installing the Remote Desktop Administrator Software	42
Setting Up an Apple Remote Desktop Client Computer for the First Time	43
Upgrading the Remote Desktop Administrator Software	44
Upgrading the Client Software	44
Method #1—Remote Upgrade Installation	44
Method #2—Manual Installation	45
Upgrading Apple Remote Desktop Clients Using SSH	46
Creating a Custom Client Installer	46
Considerations for Managed Clients	48
Removing or Disabling Apple Remote Desktop	49
Uninstalling the Administrator Software	49
Disabling the Client Software	50
Uninstalling the Client Software from Client Computers	51
Organizing Client Computers Into Computer Lists	53
Finding and Adding Clients to Apple Remote Desktop Computer Lists	53
Finding Clients by Using Bonjour	54
Finding Clients by Searching the Local Network	55
Finding Clients by Searching a Network Range	55
Finding Clients by Network Address	56
Finding Clients by File Import	57
Making a New Scanner	57
Making and Managing Lists	58
About Apple Remote Desktop Computer Lists	58
Creating an Apple Remote Desktop Computer List	59
Deleting Apple Remote Desktop Lists	59
Creating a Smart Computer List	59
Editing a Smart Computer List	60
Creating a List of Computers of from Existing Computer Lists	60
Importing and Exporting Computer Lists	61
Transferring Computer Lists from Apple Remote Desktop 3 to a New Administrator Computer	61
Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer	62
Transferring Old v1.2 Computer Lists to a New Administrator Computer	62
Understanding and Controlling Access Privileges	65
Apple Remote Desktop Administrator Access	65
Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accoun...	67
Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accoun...	68
Apple Remote Desktop Administrator Access Using Directory Services	69
Creating Administrator Access Groups	69
Enabling Directory Services Group Authorization	72
Apple Remote Desktop Guest Access	72
Apple Remote Desktop Nonadministrator Access	73
Limiting Features in the Administrator Application	73
Virtual Network Computing Access	74
Command-Line SSH Access	75
Managing Client Administration Settings and Privileges	75
Getting an Administration Settings Report	76
Changing Client Administrator Privileges	76
Setting Up the Network and Maintaining Security	79
Setting Up the Network	79
Using Apple Remote Desktop with Computers in an AirPort Wireless Network	80
Getting the Best Performance	81
Maintaining Security	81
Remote Desktop Authentication and Data Transport Encryption	83
Encrypting Observe and Control Network Data	83
Encrypting Network Data During Copy Items and Install Packages Tasks	84
Interacting with Users	85
Controlling	86
Controlling Apple Remote Desktop Clients	86
Control Window Options	87
Switching the Control Window Between Full Size And Fit-To-Window	88
Switching Between Control and Observe Modes	88
Sharing Control with a User	88
Hiding a User’s Screen While Controlling	89
Capturing the Control Window to a File	89
Switching Control Session Between Full Screen and In a Window	89
Sharing Clipboards for Copy and Paste	90
Controlling VNC Servers	90
Setting up a Non–MacOSX VNC Server	91
VNC Control Options	92
Configuring an Apple Remote Desktop Client to be Controlled by a VNC Viewer	93
Observing	93
Changing Observe Settings While Observing	95
Changing Screen Titles While Observing	96
Viewing a User’s Account Picture While Observing	96
Viewing a Computer’s System Status While at the Observe Window	97
Shortcuts in the Multiple Screen Observe Window	98
Observing a Single Computer	98
Observing Multiple Computers	99
Observing a Computer in Dashboard	99
Sending Messages	100
Sending One-Way Messages	100
Interactive Chat	100
Viewing Attention Requests	101
Sharing Screens	101
Sharing a Screen with Client Computers	101
Monitoring a Screen Sharing Tasks	102
Interacting with Your Apple Remote Desktop Administrator	102
Requesting Administrator Attention	102
Canceling an Attention Request	103
Changing Your Observed Client Icon	103
Administering Client Computers	105
Keeping Track of Task Progress and History	105
Enabling a Task Notification Script	106
Getting Active Task Status	107
Using the Task Feedback Display	107
Stopping a Currently Running Task	108
Getting Completed Task History	108
Saving a Task for Later Use	108
Creating and Using Task Templates	109
Editing a Saved Task	110
Installing Software Using Apple Remote Desktop	110
Installing by Package and Metapackage	110
Installing Software on Offline Computers	112
Installing by Using the Copy Items Command	113
Using Installers from Other Companies	114
Upgrading Software	115
Copying Files	116
Copy Options	116
Copying from Administrator to Clients	118
Copying Using Drag and Drop	118
Restoring Items from a Master Copy	120
Creating Reports	121
Collecting Report Data	121
Using a Task Server for Report Data Collection	122
Report Database Recommendations and Bandwidth Usage	123
Auditing Client Usage Information	124
Finding Files, Folders, and Applications	126
Comparing Software	128
Auditing Hardware	130
Testing Network Responsiveness	135
Exporting Report Information	136
Using Report Windows to Work with Computers	137
Maintaining Systems	138
Deleting Items	138
Emptying the Trash	139
Setting the Startup Disk	139
Renaming Computers	140
Synchronizing Computer Time	140
Setting Computer Audio Volume	141
Repairing File Permissions	142
Adding Items to the Dock	142
Changing Energy Saver Preferences	143
Changing Sharing Preferences for Remote Login	144
Setting Printer Preferences	144
Managing Computers	146
Opening Files and Folders	146
Opening Applications	147
Quitting Applications Without Logging Out the User	148
Putting a Computer to Sleep	148
Waking Up a Computer	149
Locking a Computer Screen	149
Displaying a Custom Picture on a Locked Screen	150
Unlocking a Computer Screen	150
Disabling a Computer Screen	151
Logging In a User at the Login Window	151
Logging Out the Current User	152
Restarting a Computer	153
Shutting Down a Computer	153
Starting Up a Computer	154
UNIX Shell Commands	155
Send UNIX Command Templates	155
Executing a Single UNIX Command	157
Executing Scripts Using Send UNIX Command	157
Built-in Command-Line Tools	159
Automating Tasks	165
Working with the Task Server	165
Preliminary Planning for Using the Task Server	166
Setting Up the Task Server	166
Setting Up an Admin Console to Query the Task Server	167
Setting Up Clients to Interface with the Task Server	168
Using Automatic Data Reporting	168
Setting the Client’s Data Reporting Policy	169
Creating a Template Data Reporting Policy	170
Working with Scheduled Tasks	170
Setting Scheduled Tasks	170
Editing Scheduled Tasks	171
Deleting Scheduled Tasks	171
Using Scripting and Automation Tools with Remote Desktop	171
Using AppleScript with Remote Desktop	172
Using Automator with Remote Desktop	175
Icon and Port Reference	177
Client Status Icons	177
Apple Remote Desktop Status Icons	177
List Menu Icons	178
Task Status Icons	178
System Status Icons (Basic)	179
System Status Icons (Detailed)	179
TCP and UDP Port Reference	180
Report Field Definitions Reference	181
System Overview Report	181
Storage Report	184
USB Devices Report	185
FireWire Devices Report	185
Memory Report	185
Expansion Cards Report	186
Network Interfaces Report	186
Network Test Report	188
Administration Settings Report	188
Application Usage Report	189
User History Report	189
AppleScript Remote Desktop Suite	191
Classes and Commands for the Remote Desktop Application	191
PostgreSQL Schema Sample	199

Match case Limit results 1 per page

Chapter 6

Setting Up the Network and Maintaining Security

Administrator Application Security

Make use of user mode to limit what nonadministrator users can do with Remote

Desktop.

See “Apple Remote Desktop Nonadministrator Access” on page 73.

If you leave the Remote Desktop password in your keychain, be sure to lock your

keychain when you are not at your administrator computer.

Consider limiting user accounts to prevent the use of Remote Desktop.

Either in a Managed Client for Mac OS X (MCX) environment, or using the Accounts

pane in System Preferences, you can make sure only the users you designate can use

Remote Desktop.

Check to see if the administrator computer is currently being observed or controlled

before launching Remote Desktop (and stop it if it is).

Remote Desktop prevents users from controlling a client with a copy of Remote

Desktop already running on it at connection time, but does not disconnect existing

observe or control sessions to the administrator computer when being launched.

Although this functionality is helpful if you want to interact with a remote LAN which

is behind a NAT gateway, it is possible to exploit this feature to get secretly get

information about the administrator, administrator’s computer, and its associated

client computers.

User Privileges and Permissions Security

To disable or limit an administrator’s access to an Apple Remote Desktop client, open

System Preferences on the client computer and make changes to settings in the

Remote Management pane in the Sharing pane of System Preferences. The changes

take effect after the current Apple Remote Desktop session with the client computer

ends.

Remember that Apple Remote Desktop keeps working on client computers as long

as the session remains open, even if the password used to administer the computer

is changed.

Don’t use a user name for an Apple Remote Desktop access name and password.

Make “dummy” accounts specifically for Apple Remote Desktop password access and

limit their GUI and remote login privileges.

Password Access Security

Never give the Remote Desktop password to anyone.

Never give the administrator name or password to anyone.

Use cryptographically sound passwords (no words found in a dictionary; eight

characters or more, including letters, numbers and punctuation with no repeating

patterns).

Regularly test your password files against dictionary attack to find weak passwords.