Lucid Nonsense


Apple Remote Desktop and Open Directory

Monday, 28 September 2009

Apple Remote Desktop (ARD) is an invaluable tool for Mac administrators. The actual “remote desktop” features are, more often than not, secondary to some of the more mundane tasks that it can make much simpler to perform. Whether it’s pushing settings changes to groups of machines, sending updates across hundreds of Macs at once, or installing new software across every Mac in a company, it makes the tasks pretty painless. Along with Open Directory for applying policy to client Macs, and the invaluable NetBoot service, it completes the triumvirate of crucial Mac domain management tools.

That’s before you even get to the reporting features of ARD.

Of course before you can use it on the client Macs it needs turning on and while that’s easy to do via System Preferences, if you want to activate it across hundreds of Macs at once then that’s not a fun prospect. There is a Terminal command that can turn ARD on (kickstart), which would be really easy to send via the “Send UNIX Command” option in ARD. Ho hum.

You can turn ARD on in your client image before deployment, but that doesn’t help if you aren’t running a generic image on all of your Macs. Unfortunately there isn’t a preference setting in Open Directory that you can use to push a “turn ARD on” setting out to clients bound to the directory. You can work around that however and the easiest way is just to add the kickstart command to your login scripts. For instance adding this command would turn on ARD and give all access privs to a local user called macadmin (the command is entered all on one line but is wrapped here):

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
 -activate -configure -access -on -users macadmin -privs -all -restart -agent -menu

You can be a bit neater with Leopard, which creates a file in /Library/Preferences called com.apple.RemoteManagement.launchd (containing the cryptic text “enabled”) when ARD is turned on, and removes it when it is turned off. As a result you can very easily check for the existence of that file and only run the kickstart command when ARD is deactivated by using:

if [ ! -e /Library/Preferences/com.apple.RemoteManagement.launchd ]; then
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart 
-activate -configure -access -on -users macadmin -privs -all -restart -agent -menu
fi

That file doesn’t seem to be created in Snow Leopard though, it’s probably simple enough to do something based upon ps auxc | grep ARD with some checking to see if the ARDAgent is running or not, but I’ve not looked into that yet as large scale Snow Leopard deployments are still a little way off and I have a feeling that the ARDAgent may actually restart when a user logs in, hence making that option less reliable. It would need some testing, but to be honest there’s not a big problem with running the kickstart command if ARD is already turned on, so testing for the setting is more of a quest for neatness, and possibly slightly trimming login time, rather than any real necessity.

Of course this does mean that someone has to login to the Macs before ARD will be activated but this approach should ensure that the vast majority of your Macs have ARD turned on without too much walking between machines.


Previous Entry: "Postfix Settings in Snow Leopard"

Next Entry: "Adobe PDF Printer in Snow Leopard"