Apple Remote Desktop Administrator Guide Version 3.
KKApple Inc. © 2009 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Apple Remote Desktop software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc.
Contents 11 11 12 12 12 13 Preface: About This Guide 15 15 17 20 23 25 25 27 28 Chapter 1: Using Apple Remote Desktop 30 30 30 32 33 35 36 37 38 38 38 39 40 Chapter 2: Getting to Know Remote Desktop 42 42 42 Chapter 3: Installing Apple Remote Desktop What Is Apple Remote Desktop? Using This Guide Remote Desktop Help Notation Conventions Where to Find More Information About Apple Remote Desktop Administering Computers Deploying Software Taking Inventory Housekeeping Supporting Users Providing H
3 43 44 45 45 45 46 47 47 49 50 50 50 51 52 Network Requirements Installing the Remote Desktop Administrator Software Setting Up an Apple Remote Desktop Client Computer for the First Time Upgrading the Remote Desktop Administrator Software Upgrading the Client Software Remote Upgrade Installation Manual Installation Upgrading Apple Remote Desktop Clients Using SSH Creating a Custom Client Installer Enabling Remote Management Considerations for Managed Clients Removing or Disabling Apple Remote Desktop Uni
68 69 70 70 73 74 74 75 76 77 77 77 78 80 80 82 83 83 84 84 84 85 85 85 86 87 87 88 89 89 89 90 90 90 91 91 91 92 93 Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accounts in Mac OS X v10.5 Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accounts in Mac OS X v10.
94 94 97 97 98 99 99 100 100 101 101 101 102 102 102 102 103 103 103 Configuring an Apple Remote Desktop Client to be Controlled by a VNC Viewer Observing Changing Screen Titles While Observing Viewing a User’s Account Picture While Observing Viewing a Computer’s System Status While at the Observe Window Shortcuts in the Multiple Screen Observe Window Observing a Single Computer Observing Multiple Computers Observing a Computer in Dashboard Sending Messages Sending One-Way Messages Interactive Chat Viewing
121 122 123 123 124 125 125 126 127 127 127 128 129 129 129 130 131 131 132 132 133 134 134 135 136 136 136 137 137 138 139 140 140 141 142 142 144 144 145 145 146 146 147 Using a Task Server for Report Data Collection Report Database Recommendations and Bandwidth Usage Auditing Client Usage Information Generating a User History Report Generating an Application Usage Report Finding Files, Folders, and Applications Using Spotlight to Find Items Generating a File Search Report Comparing Software Generating a
147 Displaying a Custom Picture on a Locked Screen 148 Unlocking a Computer Screen 148 Disabling a Computer Screen 149 Logging In a User at the Login Window 149 Logging Out the Current User 150 Restarting a Computer 150 Shutting Down a Computer 151 Starting Up a Computer 152 UNIX Shell Commands 152 Send UNIX Command Templates 154 Executing a Single UNIX Command 154 Executing Scripts Using Send UNIX Command 155 Executing Shell Scripts with Remote Desktop 155 Executing AppleScript Scripts with Remote Desktop
178 178 182 184 184 184 185 185 187 188 189 189 Appendix B: Report Field Definitions Reference System Overview Report Storage Report USB Devices Report FireWire Devices Report Memory Report Expansion Cards Report Network Interfaces Report Network Test Report Administration Settings Report Application Usage Report User History Report 190 Appendix C: AppleScript Remote Desktop Suite 190 Classes and Commands for the Remote Desktop Application 198 Appendix D: SQLite Schema Sample Contents 9
Preface About This Guide What Is Apple Remote Desktop? Apple Remote Desktop is easy-to-use, powerful, desktop management software for all your networked Macs. System administrators can remotely control and configure systems, install software, offer interactive onscreen help to end users, and assemble software and hardware reports for an entire Mac network.
Using This Guide The Apple Remote Desktop Administrator Guide contains chapters to help you use Remote Desktop. It contains overviews and explanations about Apple Remote Desktop features and commands. It also explains how to install and configure Apple Remote Desktop on client computers, how to administer client computers, and how to use Remote Desktop to interact with computer users.
Terminal Command Conventions Notation Indicates monospaced font A command or other Terminal text $ A shell prompt [text_in_brackets] An optional parameter (one|other) Alternative parameters (type one or the other) italicized A parameter you must replace with a value [...
ÂÂ Apple Remote Desktop Feedback page (www.apple.com/feedback/remotedesktop. html)—allows you to provide feedback. ÂÂ Apple Remote Desktop Mailing List (lists.apple.com/mailman/listinfo/remote- desktop/)—provides details on joining the Apple Remote Desktop mailing list. ÂÂ Apple Remote Desktop Discussions Forum (discussions.info.apple.com/ appleremotedesktop/)—lets you share information and learn from others in online discussions. ÂÂ SQLite website (www.sqlite.org)—provides SQLite documentation.
Using Apple Remote Desktop 1 Apple Remote Desktop helps you keep Macintosh computers and the software running on them up to date and trouble free. And it lets you interact directly with Macintosh users to provide instructional and troubleshooting support. This chapter describes the main aspects of Apple Remote Desktop administration and user interaction capabilities, and tells you where to find complete instructions for using them.
You can administer client computers individually, but most Apple Remote Desktop features can be used to manage multiple computers at the same time. For example, you may want to install or update the same applications on all the computers in a particular department. Or you may want to share your computer screen to demonstrate a task to a group of users, such as students in a training room. Marketing department Engineering department Acomputer list is a group of computers.
Deploying Software Apple Remote Desktop lets you distribute software and related files to client computers from your Apple Remote Desktop administrator computer or from a computer running Mac OS X Server. Administrator computer Deploy drag-and-drop application folders Deploy configuration files Mac OS X Server Set startup disk Deploy installation packages (.pkg or .
Distributing Installer Packages You can distribute and automatically installation packages in .pkg and .mpkg formats. Apple Remote Desktop lets you install software and software updates on one or more client computers without user interaction or interruption, or even if no user is logged in. After installation, Apple Remote Desktop erases the installer files. If the computers need to be restarted, as they do following an operating system update, you can restart them from Apple Remote Desktop.
Using NetBoot Images Another kind of system image you can create using Mac OS X Server is a NetBoot image. As with a NetInstall image, a client computer uses a NetBoot image to start up. However, the startup software isn’t installed on the client system. Instead, it resides on a remote server. You should use a NetBoot image that has Apple Remote Desktop installed and configured. Otherwise, administering the computer using Apple Remote Desktop after starting up from NetBoot is impossible.
Verifying Installations You can run the Software Version or Software Difference reports to find the verify the versions of software installed on client computers. Taking Inventory Apple Remote Desktop lets you capture data describing the attributes of client computers, then generate reports based on the data. You specify how often you want to capture data, the data you want to capture, and the computers you want to profile.
Using the collected data, Apple Remote Desktop generates reports tailored to your specifications. File Search Report Use the File Search report to search client systems for specific files and folders and to audit installed applications. This report can help you find out how many copies of a particular application are in use so you don’t violate license agreements. Spotlight File Search Use the Spotlight Search report to search Tiger and Leopard client systems for specific files and folders.
Administration Settings Report Use the Administration Settings report to determine which Apple Remote Desktop administrator privileges are enabled or disabled for you in the Sharing pane of System Preferences on individual client computers. User History Report Use the User History report to show you who has logged in to a client, how they logged in, and for how long.
Housekeeping Apple Remote Desktop provides several ways to remotely control client computers for housekeeping activities. Administrator computer Restart, shut down, sleep, and start up Empty Trash Mac OS X Server Remote screen control Set startup disk Execute UNIX shell script Send text notification Xserve cluster node NetBoot images Marketing department Engineering department Managing Power State Use Apple Remote Desktop to control the power state of client computers.
For example, you may need to have all computers turned off during maintenance of a power generation unit or during a holiday shutdown. You can send an Apple Remote Desktop text message reminding users to shut down their computers at a particular time. Any computers still running when you need to start maintenance can be detected and shut down remotely with Apple Remote Desktop.
Supporting Users Apple Remote Desktop lets you interact with users from your administrator computer in these ways: ÂÂ Provide help: respond to users who need help by using Apple Remote Desktop to receive user requests and to remotely diagnose and fix problems. ÂÂ Interact: conduct instructional interactions with students in a school or corporate training environment—from controlling or observing student screens to sharing your screen with all your students in order to perform a demonstration.
Requesting Help A user can discreetly notify you of a problem by sending a request for help using an Apple Remote Desktop text message. Users initiate requests using the Apple Remote Desktop icon in the menu bar. A notification on the administrator computer alerts you to the message, and you can obtain more information and troubleshoot the problem. Chatting with the User Conduct two-way Apple Remote Desktop text communication with the user to obtain more information.
Interacting with Students Apple Remote Desktop helps instructors teach more efficiently by letting them interact with student computers individually or as a group. Administrator computer Broadcast text messages Observe and share one or multiple screens Control screen Lock screens Open applications or files Log out students Distribute items electronically One-to-one help desk support Classroom Using Text Messages Send Apple Remote Desktop text messages to communicate with students.
Controlling Screens Show students how to perform tasks by controlling their screens from your computer, opening applications and using files as required. Locking Screens Lock student screens to prevent students from using their computer when you want them to focus on other activities. Terminating Computer Use Remotely log students out or shut down their computers at the end of a class or school day.
To learn more about See information for Starting on Distributing files Copying files “Copying Files” (page 115) Taking inventory Data collection options “Creating Reports” (page 120) Auditing software Auditing hardware Network responsiveness Customizing reports Exporting report data Client use reporting User login accounting Application usage Housekeeping tasks Deleting items Emptying the Trash “Auditing Client Usage Information” (page 123) “Maintaining Systems” (page 136) Setting startup volu
Getting to Know Remote Desktop 2 Remote Desktop is the administrator application for Apple Remote Desktop. Its attractive interface is powerful, yet simple to use. The Remote Desktop interface is customizable, letting you get the information you want quickly, the way you want it. This chapter contains screenshots and short descriptions of the Remote Desktop interface, as well as detailed instructions for customizing the appearance and preferences of the application.
K L A B C D E F H G I J A All Computers list: The All Computers list is a list of all client computers that you plan to administer. Computers need to be in the All Computers list before you can command or administer them. If you have a 10-client license, the All Computers list can contain only 10 computers. B Apple Remote Desktop computer lists: A list of computers you create to group computers in ways that are convenient for you.
H Active tasks list: This list shows all tasks, except those delegated to your Task Server, that are currently running or queued to run but haven’t yet started. I History list: The History list shows a list of most recently run tasks, as defined in the Remote Desktop preferences. You can inspect each task by double-clicking it. Once a task is completed (whether successfully or not) it is moved to the History list. J Task status icon: These icons represent the current state of a task.
D Participating computers: This area shows you the computers that will be affected by the task. E Schedule task button: When you click this button in a task dialog, you can set a time to perform the task as well as repeat the task. For more information, see “Working with Scheduled Tasks” on page 167. F Save task button: When you click this button in a task dialog, you can name and save the task as configured. Saved tasks appear in the left side of the Remote Desktop main window.
A Observe or control toggle: When this button is selected, you have control over the remote client. B Share mouse control: When this button is selected, you share mouse control with the user. C Fit screen in window: When this button is selected, the remote client is scaled to the Control window size. D Lock computer screen for control: When this button is selected, the remote client screen shows a lock, but you can view the client desktop normally.
Multiple-Client Observe Window When you observe many clients at the same time, they all appear in the same window. If you have more computers than can fit in the window, they’re divided across several pages. H B A C I D E F G J A Page Delay: Adjusts the number of seconds before automatically advancing to the next page of screens. B Computers Per Page: Adjusts the number of client screens visible on each page.
Report Window Reports serve as valuable shortcuts when you’re copying files and organizing computer lists. C B C B 36 A D E F A Report category: Most reports have subcategories to help you find the information you want. In the report window, you switch between the subcategories using these tabs. B Save report to file: Saves the report to a plain text file. C Print: Formats and prints the report window. D Open selected: Opens the item selected in the report.
Changing Report Layout You can customize report layouts for your own purposes. By default, reports include a column for each information type you selected before running the report, in the order presented in the report dialog. The columns in the report are initially sorted by computer name. You can resize or rearrange the columns of a report, as well as sort the rows by column. To change what information is displayed for file searches: 1 Choose Report > File Search.
Configuring Remote Desktop You can configure the Remote Desktop administrator application to meet your work needs. Remote Desktop has an interface that is both flexible and functional. Customizing the Remote Desktop Toolbar The Remote Desktop application has a fully customizable toolbar, which provides a quick way to perform tasks. To perform a task, just click the appropriate icon in the toolbar. To show or hide the toolbar, click the toolbar button in the upper-right corner of the application window.
Setting Preferences for the Remote Desktop Administrator Application In Remote Desktop preferences, you can select options that affect how the administrator application interacts with client computers. To open the Preferences window: mm Choose Remote Desktop > Preferences.
In the Security pane, you can set: ÂÂ Whether to allow control of the computer while Remote Desktop is active ÂÂ The default encryption preference for Copy Items and Install Packages tasks ÂÂ The default encryption preference for control and observe sessions ÂÂ Which features of Remote Desktop are available to nonadministrator users See “Apple Remote Desktop Nonadministrator Access” on page 74.
Saved Tasks and Task Templates save you time You may spend a lot of time coming up with the perfect software search to find exactly what you need. You shouldn’t recreate that search every time you need it. Save your tasks, and duplicate them. With a little editing, you can have a number of similar saved tasks for specific uses. Alternatively, you can use task templates to save settings across task dialogs, applying the same settings through various tasks.
Installing Apple Remote Desktop 3 To use Apple Remote Desktop, install the administration software on the administrator computer first, and then install and enable the client software on the computers you want to manage. You’ll need your installation disc, the serial number, and either the printed Welcome instructions, or these instructions.
Network Requirements ÂÂ Ethernet (recommended), AirPort, FireWire, or other network connection For more information, see “Setting Up the Network” on page 80. Installing the Remote Desktop Administrator Software To set up Apple Remote Desktop on administrator computers, you install the software on the computer you plan to use to administer remote computers. Then, you open the application setup assistant, and add to the main list of computers.
10 Configure some client computers for administration, find them in a scanner, and add them to a computer list. For information, see “Setting Up an Apple Remote Desktop Client Computer for the First Time” on page 44 and “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 53. Setting Up an Apple Remote Desktop Client Computer for the First Time Depending on the version of Mac OS X, different versions of the Apple Remote Desktop client software are installed.
Upgrading the Remote Desktop Administrator Software Upgrading Remote Desktop is just like installing it for the first time. The only difference is that the final button in the installer reads “Upgrade” rather than “Install.” The installer upgrades existing software to its latest version, imports previously created lists, and restarts the underlying processes after completion. For information, see “Installing the Remote Desktop Administrator Software” on page 43.
3 If the client computers aren’t in an existing Remote Desktop computer list, find the client computers using an Apple Remote Desktop scanner. For more information, see “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 53. 4 Select the client computers to be upgraded. 5 Choose Manage > Upgrade Client Software. 6 Click Upgrade.
Upgrading Apple Remote Desktop Clients Using SSH You may not be able to or want to use Remote Desktop to upgrade existing clients to Apple Remote Desktop 3. If the clients have SSH enabled (called Remote Login in System Preferences), and are available on the network, you can still upgrade the client computers. You still need to use Remote Desktop to create a custom installer package. You also need the user name and password of a user with system administrator privileges on the client computer.
WARNING: Custom installer packages that create user names contain sensitive password data. Take care to store and transmit such custom installers securely. To create the client installer: 1 Open Remote Desktop. 2 Choose File > Create Client Installer. The Create Client Installer Setup Assistant appears. 3 Choose to create a custom installer and click Continue. If you choose not to create a custom installer, you can create a basic installer that sets no preferences on the client computer.
For more information, see “Apple Remote Desktop Administrator Access” on page 66. Click OK after each user, and click Continue when you’re ready to go on. 14 Choose whether to allow temporary guest control by requesting permission on the client computers. For more information, see “Considerations for Managed Clients” on page 50. 15 Choose whether to allow non-Apple VNC viewers to control the client computers, and click Continue. For more information, see “Virtual Network Computing Access” on page 76.
For information about changing remote management preferences, see “Apple Remote Desktop Administrator Access” on page 66 and System Preferences Help. Considerations for Managed Clients If you plan on restricting what applications can open on a managed client, you’ll need to make sure Apple Remote Desktop processes are allowed to run. A managed client is a client computer whose environment is managed by Mac OS X Server’s Workgroup Manager.
$ sudo rm /Library/Preferences/com.apple.RemoteManagement.plist $ rm ~/Library/Preferences/com.apple.RemoteDesktop.plist 5 Delete the Remote Desktop documentation using the following commands in the Terminal application.
4 Quit System Preferences. Uninstalling the Client Software from Client Computers To remove Apple Remote Desktop client software from Mac OS X clients, you need to remove a number of software components from each client system. WARNING: Do not uninstall the client software. Disabling the client software is sufficient to stop Apple Remote Desktop system activity. See “Disabling the Client Software” on page 51. To uninstall client software: 1 Open Terminal (located in /Applications/Utilities).
Organizing Client Computers into Computer Lists 4 Apple Remote Desktop uses lists of client computers to logically organize the client computers under your control. Connecting to client computers on the network and adding them to your list is necessary to administer them. This chapter describes finding clients and organizing them into lists for Apple Remote Desktop administration and user interaction.
ÂÂ Listing all clients known by the task server and organized in computer groups in the directory server Once you have found a potential client, you see the following default information: Search column Description (none) Displays a small icon indicating whether the computer is already in the All Computers List. (none) Displays a small icon showing what kind of access the client is capable of. See “Client Status Icons” on page 174.
5 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list. Finding Clients by Searching the Local Network When you choose a local network scanner, Remote Desktop sends a subnet broadcast to computers on the same subnets as the administrator computer. All possible clients on the local subnets appear in a list on the right side of the Remote Desktop window.
Finding Clients by Network Address If you know the IP address or fully qualified domain name of a computer, you can use that IP address or domain name to add the computer to your All Computers list. To add a specific address immediately to the All Computers list: 1 Select the All Computers list. 2 Choose File > Add by Address. 3 Enter the IP address or fully qualified domain name. 4 Enter the user name and password. 5 Click the Advanced Options disclosure triangle.
File import also lets you add ranges of IP addresses by expressing the range in the following format: xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy. For example, a text file with the line “192.168.0.2-192.168.2.200” would add all IP addresses in that address range. To import a list of computers from a file: 1 Select a scanner at the left of the Remote Desktop window. 2 Select File Import. 3 Browse for the file by clicking the Open File button, or drag a file into the window.
2 Select Directory Server. 3 In the pop-up menu to right, select a computer group. If there are computer groups in the directory server but none show, click the Refresh button in the top right. 4 Select the desired computers. 5 Drag the selected computers to the All Computers list. 6 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list.
Editing Client Attributes After adding a client to a computer list, you can edit its attributes. If you edit a single client’s attributes, you can change its: ÂÂ Address ÂÂ DNS name ÂÂ Remote management port ÂÂ Screen sharing port ÂÂ Login ÂÂ Password ÂÂ Label ÂÂ Network interface used for task server actions If you edit attributes for several clients simultaneously, you can edit the login name and password Apple Remote Desktop uses to authenticate.
Making and Managing Lists You use lists to organize and perform management tasks on client computers. You can make groups of lists, and rearrange the lists by dragging them up and down the left side of the main window. Apple Remote Desktop has several different kinds of lists. The following section describes the kinds of lists, and explains how to create lists and use them for client management.
Deleting Apple Remote Desktop Lists You can delete Apple Remote Desktop computer lists and scanner lists that you created. You cannot delete the All Computers list, Task Server list, or History list. To delete a list: mm Select the list and press the Delete key. Creating a Smart Computer List You can create a computer list which automatically populates based on custom criteria.
Editing a Smart Computer List You may want to edit the smart lists you have created. The editing window is the same as the one used to create the smart list. The options available are the same as those listed in “Creating a Smart Computer List” on page 61. To edit a smart computer list: 1 Select the smart list in the Remote Desktop main window. 2 Choose File > Edit Smart List. 3 Change the smart computer list as desired.
Importing and Exporting Computer Lists When setting up Apple Remote Desktop 3, you may not necessarily use the same computer you used for the previous version of Apple Remote Desktop. Rather than create new lists of client computers, you can transfer existing lists between computers, with benefits and limitations depending on the transfer circumstance. The following sections will help you import or export your computer lists.
Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer If you’re installing Apple Remote Desktop 3 on a computer different from the version 2.x administrator computer, you may want to move your existing computer lists to the new administrator computer running Apple Remote Desktop 3. When you import or export a computer list, the user name and password used for Apple Remote Desktop authentication aren’t exported.
To transfer the computer lists: 1 Open Keychain Access (located in /Applications/Utilities) on the source computer. 2 Choose File > New Keychain. 3 Name the new keychain, and click Create. 4 Enter a password for the new keychain. This is a temporary password that you’ll use to retrieve the information in the keychain. Don’t use your login password or other sensitive password. 5 If necessary, click Show Keychains to show the administrator keychain. 6 Select the source computer’s main keychain.
Understanding and Controlling Access Privileges 5 There are several different ways to access and authenticate to Apple Remote Desktop clients. Some depend on Apple Remote Desktop settings, and others depend on other client settings, or third-party administration tools. This chapter explains the various access types, their configuration, and their uses.
ÂÂ If the computer is used by one person, you may not want to give administrators full access privileges. Also, you may want a user who administers his or her own computer to take responsibility for creating passwords and setting the access privileges for the computer. WARNING: Apple Remote Desktop administrator access can be used maliciously—for example, to take unauthorized control of a user’s screen or delete a user’s files.
Select To allow administrators to Send text messages Use these Interact menu commands: Send Message and Chat. Restart and shut down Use these Manage menu commands: Sleep, Wake Up, Restart, Send UNIX Command, and Shut Down. This item must be enabled in order to use the Upgrade Client Software feature. Copy items Use these Manage menu and Server menu commands: Copy Items, Send UNIX Command and Install Packages.
All users are given the same administrator privileges. 4 To allow access for specific users or to give specific users specific administrative access privileges, select “Only these users.” Click Add (+), select users, and click Select. Select a user in the list to change that user’s administrator privileges. 5 Click Options. 6 Make the desired changes to the access privileges, and then click OK. Your changes take effect immediately.
5 Select a listed user whose access privileges you want to set, and then make the changes you want to the access privileges. Your changes take effect immediately. You can hold down the Option key while clicking the user’s checkbox to automatically select all the following checkboxes for access. For more information, see “Apple Remote Desktop Administrator Access” on page 66. 6 Repeat for additional users whose access privileges you want to set.
To create an administrator access group: 1 Create groups as usual. If you’re using Mac OS X Server, you use Workgroup Manager to make them. 2 After you have created groups, you edit either the computer record of the computer to be administered, its computer group record, or the guest computer record. 3 Use a text editor, or the Apple Developer tool named Property List Editor to build the MCXSettings attribute XML. The XML contains some administrator privilege key designations (ard_admin, ard_reports, etc.
6 If the record doesn’t have the MCXFlags attribute, click New Attribute. Enter MCXFlags in the Attribute Name field, and enter this in the Text field: has_mcx_settings After entering the above, click OK.
staff ard_admin my_admin_group ard_reports This example attribute defines four privileges, although any of them may be left out. For more information about using Workgroup Manager, and Open Directory, see Workgroup Manager Help and Server Admin Help.
Apple Remote Desktop Guest Access You can configure an Apple Remote Desktop client to give temporary, one-time access to an Apple Remote Desktop administrator who doesn’t have a user name or password for the client computer. Each time the Apple Remote Desktop administrator would like to control the client computer, he or she must request permission from the remote client’s user.
Limiting Features in the Administrator Application User mode is a great way to delegate administrative tasks, or give users only the features of Remote Desktop that they really use. For example, you might not allow nonadministrators to copy or delete files, but you might allow them to observe client screens and send messages to client users.
Virtual Network Computing Access You can use Apple Remote Desktop to access a Virtual Network Computing (VNC) server and view and interact with the server’s screen. VNC access is determined by the VNC server software. To access a VNC server, it is only necessary to know the IP address or fully qualified domain name and the password designated in the VNC server software. This password doesn’t necessarily correspond to any other password on the system, and is determined by the VNC configuration.
Command-Line SSH Access Command-line SSH access isn’t granted or managed using Remote Desktop. This type of access is managed in the Sharing pane of System Preferences (called “Remote Login”) and is separate from Apple Remote Desktop access types. When you log in to a client remotely using SSH, you have the user privileges assigned to the user name and password. These may or may not include computer administrator privileges.
Changing Client Administrator Privileges Once the client computers are able to be administered, you can change the administrator access privileges for multiple computers simultaneously, using the Change Client Settings command. If you’re using Directory Services to designate administrator privileges, you don’t need to change the settings on the clients. To make changes on a client, you must have the name and password of a user with administrator privileges on the computer.
12 Provide the user’s short name and assign the privileges as desired. For more information, see “Apple Remote Desktop Administrator Access” on page 66. Click OK after each user, and click Continue when you’re ready to go on. 13 Choose whether to allow temporary guest control by requesting permission on the client computers. 14 Choose whether to allow non-Apple VNC viewers to control the client computers, and click Continue. See “Virtual Network Computing Access” on page 76 for more information.
Setting Up the Network and Maintaining Security 6 This chapter describes the main aspects of setting up your network for use with Apple Remote Desktop system administration, as well as best-practice tips for your network. It also contains information about Apple Remote Desktop security features and instructions for enabling them.
ÂÂ Networks with switches have fewer collisions and packet errors than networks with hubs. This means greater reliability and speed. Consider using switches instead of hubs. ÂÂ Organize computers you’re administering using Apple Remote Desktop into small groups, and close the Remote Desktop administrator application when not in use. This helps reduce the number of status queries, thus reducing network traffic.
When you add computers to a Remote Desktop computer list, add the addresses using the NAT router IP address and the forwarded port pairs for every computer behind the NAT router. If you add these IP and port pairs for all computers located behind or beyond the NAT router, you’ll be able to manage those computers regardless of whether the administrator computer is located behind or beyond the NAT router. NAT router 222.123.123.1 Administrator computer 111.111.111.
ÂÂ Avoid using tasks that multicast traffic, such as Share Screen and File Copy. File Copy tries to initiate a series of individual copies if there’s a significant number of multicast networking errors. ÂÂ Wireless networks aren’t suited for multicast traffic. However the Apple Remote Desktop multi-observe feature is different because it doesn’t use multicast traffic. ÂÂ Display shared screens in black and white rather than in color.
Administrator Application Security ÂÂ Make use of user mode to limit what nonadministrator users can do with Remote Desktop. See “Apple Remote Desktop Nonadministrator Access” on page 74. ÂÂ If you leave the Remote Desktop password in your keychain, be sure to lock your keychain when you’re not at your administrator computer. ÂÂ Consider limiting user accounts to prevent the use of Remote Desktop.
ÂÂ Quit the Remote Desktop application when you have finished using it. If you haven’t stored the Remote Desktop password in your keychain, the application prompts you to enter the administrator name and password when you open it again. Physical Access Security ÂÂ If you have stored the Remote Desktop password in your keychain, make sure the keychain is secured and the application isn’t running while you’re away from the Remote Desktop window.
If you connect to clients with Remote Desktop 3.2.2 or later installed, encryption is done using the Apple VNC server and Remote Desktop. If you connect to clients with earlier client versions of Remote Desktop installed, encryption is done using an SSH tunnel between the participating computers. In order to use encryption for Observe and Control tasks with older clients, the target computers must have SSH enabled (“Remote Login” in the computer’s Sharing Preference pane).
Interacting with Users 7 Apple Remote Desktop is a powerful tool for interacting with computer users across a network. You can interact by controlling or observing remote screens, text messaging with remote users, or sharing your screen with others. This chapter describes Remote Desktop user interaction capabilities and gives complete instructions for using them.
You can control the keyboard and mouse of only one computer at a time. Controlling Apple Remote Desktop Clients Apple Remote Desktop client computers can be controlled from any administrator computer that has the Control permission set. For more information about Apple Remote Desktop permissions, see “Apple Remote Desktop Administrator Access” on page 66. Also, special keys including the sound volume, screen brightness, and Media Eject keys don’t affect the client computer.
If your Remote Desktop preferences are set to share keyboard and mouse control, the remote computer’s keyboard and mouse are active and affect the computer just as the administrator computer’s keyboard and mouse do. If your preferences aren’t set to share control, the remote computer’s keyboard and mouse don’t function while the administrator computer is in control.
For more information about Apple Remote Desktop observe mode, see “Observing a Single Computer” on page 99. To switch between control and observe modes: 1 Control a client computer. 2 Click the Control/Observe toggle button in the control window toolbar. Sharing Control with a User You can either take complete mouse and keyboard control or share control with an Apple Remote Desktop client user. This gives you more control over the client interaction and prevents possible client side interference.
Switching Control Session Between Full Screen and In a Window You can control a computer either in a window, or using the entire administrator computer screen. The “Fit screen to full display” toggle button changes between these two modes. In full screen mode, the client computer screen is scaled up to completely fill the administrator screen. In addition to the client screen, there are a number of Apple Remote Desktop controls still visible overlaying the client screen.
VNC servers and viewers are available for a variety of computing platforms. Remote Desktop is a VNC viewer, and can therefore control any computer on the network (whether that computer is running Mac OS X, Linux, or Windows) that is: ÂÂ Running the VNC server software ÂÂ In an Apple Remote Desktop computer list If you try to control a VNC server that isn’t Remote Desktop, it won’t support Remote Desktop keystroke encryption.
3 Make sure the client’s firewall has the VNC port open (TCP 5900). 4 Make sure “Encrypt all network data” isn’t selected in the Security section of the Remote Desktop Preferences. 5 Add the computer to the All Computers list in Remote Desktop using the client’s IP address. 6 Put the client computer’s VNC password in the Remote Desktop authentication box. There is no user name for a VNC server, just a password.
Designate a Custom VNC Display Number To designate a display to control: 1 Add a custom port number, as described above. 2 Use the display number for the last number in the screen sharing port designation (display designations start at 0 for the default primary display). For example, if you want to control the default display on a VNC server (vncserver. example.com) that is listening on TCP port 5900, you set the screen sharing port to 5900.
Remote Desktop lets you observe multiple clients on the same screen, cycling through the list of observed computers. This allows you to monitor many screens without having to select each one individually. Dealing With Many Client Screens When observing a single client, you can see the client window at full size, or scaled it to fit the observe window. To switch between the full size and fitting to the window, click the Fit to Window button, just as you would in a control window.
ÂÂ The setting for the number of viewed machines is changed The computer information area is reenabled when the sizes are returned to more than the image size threshhold. Changing Observe Settings While Observing While you’re observing multiple computers, you can adjust the Apple Remote Desktop observe settings using the controls at the top of the observe window. These settings become visible when you click View Options in the toolbar.
Setting Effect Computer status Select this to add a colored status overview icon in the computer information area. For more information, see “Viewing a Computer’s System Status While at the Observe Window” on page 98. Use shapes for status Select this to give a distinctive shape to the status overview icon in the computer information area. For more information, see “Viewing a Computer’s System Status While at the Observe Window” on page 98.
Viewing a Computer’s System Status While at the Observe Window Remote Desktop can display certain system status information underneath the observed desktop. This information gives you a basic assessment of the following service statistics: ÂÂ CPU Usage ÂÂ Disk Usage ÂÂ Free Memory There are two levels of detail for system statistics. The top level is a single icon (a red, yellow, or green icon). Icon Indicates or One or more service statistics is red.
Service Icon Free Memory Status Less than 80% used Between 80% and 95% used Over 95% used No status information available To show system status in the observe window: 1 Click View Options in the observe window’s toolbar. 2 Select Display Computer Information. 3 Select “Computer status.” 4 Select “Use shapes for status.” 5 Click Done. Shortcuts in the Multiple Screen Observe Window You can access several Apple Remote Desktop commands using icons in the observe window.
3 Choose Interact > Observe. If the observed computer’s screen is larger than the observe window, the screen scrolls as the pointer approaches the edge of the window. 4 To customize the single-client observe window and session, see “Control Window Options” on page 89. The observe window’s options are the same as those of the control window. Observing Multiple Computers When you observe multiple client computers, each client screen is scaled down, so that several computers can be viewed at the same time.
Sending Messages Apple Remote Desktop lets you communicate with users of Apple Remote Desktop client computers using text messaging. You can use text messages to give instructions or announcements, to collaborate remotely, or troubleshoot with users. There are two types of text messaging: one-way messages and two-way interactive chat. Text messages and chat are available only to Apple Remote Desktop client computers.
Viewing Attention Requests After a client user sends an attention request, the Apple Remote Desktop administrator can read the attention request text. To view attention requests: 1 Choose Window > Messages From Users. 2 Select the message you want to view. 3 Click Display to view the request’s message. Sharing Screens Apple Remote Desktop lets you show your screen (or the screen of a client computer in your list) to any or all Apple Remote Desktop client computers in the same computer list.
Interacting with Your Apple Remote Desktop Administrator Users of Apple Remote Desktop client computers can initiate contact with a Remote Desktop administrator. Clients can ask for attention from the administrator, or cancel that attention request. Requesting Administrator Attention At times, Apple Remote Desktop client computer users need to get the attention of the Apple Remote Desktop administrator.
Administering Client Computers 8 Apple Remote Desktop gives you powerful administrative control. You can manually or automatically get detailed information about every computer, install software, and maintain systems from a single administrator computer. This chapter describes Remote Desktop capabilities and how to use them.
Remote Desktop keeps track of active and completed tasks. Active tasks may run locally or be delegated to run on your task server. Active tasks are those which are currently being processed by the client computers, and the client computers haven’t all reported back to the administrator console. Some tasks are so short that they only briefly appear in the list of current tasks; other tasks may take a long time and remain there long enough to return to the task and view the progress as it happens.
Getting Active Task Status When you get a task’s current status, you see the progress of the task, the computers involved, and their feedback to the administrator computer. To get status on a currently running task: 1 Select the Active Tasks list. 2 Select the desired task in the Remote Desktop window. The task status and computers involved are shown in the Remote Desktop window. You can make sure the main window always shows the currently running task in the main work area by setting a preference.
2 Select the desired task in the Remote Desktop window. The task status and computers involved are shown in the Remote Desktop window. 3 Click the Stop button in the top-right of the main window. Getting Completed Task History After a task has received feedback from all the involved client computers, or they have experienced a communication timeout, the task is moved to the History list.
If you want to perform a task similar to an existing template, start with that template using the Template pop-up menu, then customize the resulting task configuration dialog after applying the template. For example, if you always want to use the same Copy Items options but you want to vary the group of computers you apply it to, create a task template by configuring the copy options dialog without selecting target computers, and then save it using the Templates pop-up menu.
Alternatively, you could use Control-click or right-click and choose Edit Task from contextual menu. 2 In the task description window, change the task parameters. You can alter task preferences, and change the computer list. Remove computers by selecting them and pressing the Delete key; add computers by dragging them from a list to the task. After a task is completed, the task name, result, and time you last ran it are stored for review.
You can install multiple packages in succession. When you execute installation of multiple packages, Remote Desktop copies over all the selected packages and then installs them. It also detects whether a restart is required and gives you a visual cue. You can tell the task to restart the computers upon completion, or restart the computers manually later. It isn’t possible to stop the installation of a package. Once the installation starts, it will complete (assuming no errors occur on the client).
This option is preferable when installing on computers that are all currently online. If you want to install the software by using a Task Server, see “Installing Software on Offline Computers” on page 111. 8 Select other installation parameters, as desired. For information about available options, see “Copy Options” on page 115. Client computers aren’t restarted automatically after an installation is complete, unless explicitly selected in the task command. 9 Click Install.
Your network may be sensitive to sudden increases in network activity at unexpected intervals, as designated copy recipients rejoin the network at different times. For information about setting up and using a Task Server, see “Working with the Task Server” on page 162. To install software on offline clients: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. Any or all may be offline. 3 Choose Manage > Install Packages. 4 Select a .pkg or .
For information about the available options, see “Copy Options” on page 115. 7 Click Copy. The software is copied to the indicated location. If the copy operation is unsuccessful, an error message appears in the task feedback window. Using Installers from Other Companies The Install Packages command only works with installers that use the .pkg or .mpkg file format, and some applications can’t be installed by simply copying the application to the hard disk.
Upgrading Software Upgrading software is similar to installing software. However, the method of upgrading software depends on the original method of installation. As a general rule, upgrades should not be done while users have their applications open. Make sure the software to be upgraded isn’t running. WARNING: Distributing copyrighted software without the appropriate license agreement is a violation of copyright law.
Copying Files Apple Remote Desktop makes it easy to copy items (other than the system software) on one or more client computers. Copying files works fastest with a small number of files. For example, ten files that are 10 KB each generally take longer than one file that is 100 KB. Consider copying a single file archive (like a .zip or .sit file) to remote computers for faster copying. Remember that Mac OS X applications are bundles of many smaller files.
Copy Destination Locations There are several preset destinations available in the “Place Items In” destination popup menu, including the Applications folder. If you don’t see the destination you want, you can specify a full pathname. Owner and Group for Copied File By default, the copied files inherit the owner and group of the enclosing destination folder. However, you have several options.
Post-Copy Action You can choose to open a copied item immediately after it’s copied. If you select this option, the file opens with the parent application that created it. Copying from Administrator to Clients Using Apple Remote Desktop, you can copy items to any number of client computers simultaneously. To copy items to clients: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the Remote Desktop window (or any window). 3 Choose Manage > Copy Items.
Copying from the Finder to a Client You can copy files, applications, or folders from the administrator’s Finder windows to remote computers. You can also drag items directly on to a control window. To copy items from the Finder to a client: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers or select the desired Control window. 3 Switch to the Finder. 4 Locate the item you want to copy in the Finder.
Restoring Items from a Master Copy Your client computers can restore non-system software from a master copy. This is helpful if you want to make sure each client computer has the same software. You can automate the software restoration process by using the instructions in “Setting Scheduled Tasks” on page 168. You may want to start by creating a disk image that contains the Mac OS X applications and items you want to copy.
Creating Reports Apple Remote Desktop lets you query client computers for many kinds of information, from installed software to network speed and reliability. Creating reports gives you valuable information about the client computers. Reports also help when you’re copying files and organizing computer lists. Collecting Report Data When creating a report, Remote Desktop can collect new, up-to-date information, or it can use information that it’s previously cached.
For more infomation about new and cached data searches, see “Setting the Client’s Data Reporting Policy” on page 166. The database, which is a SQLite database located at /var/db/RemoteManagement/ RMDB/, can be accessed using other tools besides Remote Desktop. To find out more about the database schema, see Appendix D, “SQLite Schema Sample,” on page 198. The third kind of data search is a Spotlight search.
Report Database Recommendations and Bandwidth Usage You can have a single Apple Remote Desktop data collection database for any number of clients. However, avoid having all the clients upload their report information at the same time. As the number of clients grows, the network usage from the clients as they upload their report data could come in bursts over a short period of time overwhelming the network buffer on the Task Server.
Uploading user accounting data and application usage data further increases the size of the uploaded data for any one client. You may not want to store all the possible information for a given client computer, so you can customize which type of data is collected, as desired. Auditing Client Usage Information With Apple Remote Desktop, you can get detailed information about who has been using the client computers and how.
4 Select the time frame for the user history information. 5 Click Generate Report. The newly generated report window appears. Generating an Application Usage Report The Application Usage report shows which applications have been running on a given client, their launch and quit time, and who launched them. The client stores 30 days of accumulated data, so the requested time can’t be more than the last 30 days.
Finding Files, Folders, and Applications Apple Remote Desktop lets you search the contents of a client computer’s hard disk for specific files, folders, or applications. It can also compare the results of such searches to the items on the administrator computer. These searches can compare software versions, fonts, applications, or installed packages. Using Spotlight to Find Items You can use Spotlight to find items on client computers.
4 Choose the desired search parameters and enter a search term. The results are updated immediately in the window. The results of the search are listed in the pane at the bottom of the window. The “Home” Spotlight search location is the Home folder of the currently logged in user. Generating a File Search Report The File Search report lets you find up to a total of 32,000 items on selected computers.
For more information about the report display, see “Changing Report Layout” on page 37. 6 To search using new data, check Rebuild Data For Report; to search using saved data only, uncheck Rebuild Data For Report. 7 Click Search. The newly generated report window appears. Comparing Software Apple Remote Desktop has several specialized reports for comparing software on client computers with software on the administrator computer. These reports can’t be run comparing two client computers.
The Software Difference report can compare all executable Mac OS X and Classic applications. Unbundled Java (.jar) applications and command-line utilities aren’t included in the report. The report can compare all the fonts in /System/Library/ Fonts/ and /Library/Fonts/, as well as the Fonts folder for the currently logged in user. Comparing installed packages returns a list of all package receipts in /Library/Receipts/.
Getting Computer Information Client computers can submit comments or notes to supplement System Overview reports. These comments and notes are made on the client computer. To make changes on a client computer, you must have the name and password of a user with administrator privileges on the computer. To add comments or notes when submitting in System Overview reports: 1 On the client computer, open System Preferences and click Sharing.
For a complete listing of Storage report options, see Appendix B, “Report Field Definitions Reference,” on page 178. Basic information about hard disk volumes and size can also be found in the storage section of the System Overview report. To generate a Storage report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Storage. 4 Select the hard disk information desired.
Getting USB Device Information The USB Devices report gets information about Universal Serial Bus devices (scanners, keyboards, mice, and so forth) connected to the client computer. It can get the following information from a device: ÂÂ Product name and ID ÂÂ Vendor name and ID ÂÂ Device speed ÂÂ Bus power amps For more information about the USB Devices report options, see Appendix B, “Report Field Definitions Reference,” on page 178.
To generate a Network Interfaces report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Network Interfaces. 4 Select the interface information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Generate Report. The newly generated report window appears. Getting Memory Information The Memory report gets specific information about the installed memory in a client computer.
ÂÂ Card name, type, memory, and revision ÂÂ Vendor and device IDs ÂÂ ROM revision For more information about the Expansion Cards report options, see Appendix B, “Report Field Definitions Reference,” on page 178. Basic information about a client’s expansion cards is also in the Computer section of the System Overview report. To generate an Expansion Cards report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list.
Evaluating the Network Test Report You can use the Network Test report to diagnose whether task failures in Apple Remote Desktop are due to network congestion or to some other factor. You may, for example, find that a Copy Items task is failing on a particular subnet, due to network congestion on that subnet.
ÂÂ Western (Mac OS Roman): Best choice if the report information uses the Roman alphabet, and the exported document will be opened in an application or on an operating system that doesn’t support Unicode text encoding (for example, some installations of Mac OS 9). ÂÂ Unicode (UTF-8): Best choice if the exported file will be opened on Mac OS X and contains no Asian language characters (such as Chinese or Japanese). ÂÂ Unicode (UTF-16): Best choice if the report contains Asian language characters.
Maintaining Systems Apple Remote Desktop provides easy and powerful tools for maintaining client computers, including tasks such as deleting files, emptying the Trash, and setting computer startup options. Deleting Items If you delete a file from a client computer, it is moved to the client’s Trash. To delete an item from a client: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > File Search.
To empty the Trash: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Empty Trash. 4 Click Empty. Setting the Startup Disk Apple Remote Desktop can set the startup disk on any client computer. You can choose between a volume on a local hard disk or any available NetBoot volume. The startup disk must have a valid operating system installed on it.
To rename a computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Rename Computers. 4 Enter the new computer name. 5 If desired, select “Append a unique number for each computer.” Selecting this option appends a unique number to the end of the computer name. For example, if you rename three computers “Computer,” the computers will be named “Computer1,” “Computer2,” and “Computer3.” 6 Click Rename.
5 Alternatively, manually enter the UNIX command. a Type or paste the following UNIX command: systemsetup -setusingnetworktime on -setnetworktimeserver b Set the user permissions for this command to be sent as the user “root.” 6 Click Send. Setting Computer Audio Volume You may want to standardize or otherwise configure the output volume of your computers.
Repairing File Permissions Sometimes a client’s system file permissions can be corrupted or changed from their expected values. In such a case, it may be necessary to manually repair the permissions on the client. Repairing permissions returns system and library files to their default settings. Repairing file permissions requires the use of the Apple Remote Desktop Send UNIX Command feature, and the command-line tool diskutil. For more information, see “UNIX Shell Commands” on page 152.
Use persistent-others instead of persistent-apps if the item is anything other than an application. 5 Set the permissions for those of currently logged-in user. 6 Click Send. Changing Energy Saver Preferences You can get and change the settings found in the Energy Saver pane of System Preferences. You can change the computer sleep time, as well as other Energy Saver Options.
Changing Sharing Preferences for Remote Login Mac OS X’s Sharing System Preference pane lets you enable or disable SSH login access to the computer. You can use Remote Desktop to change, enable, or disable a remote computer’s preference. Setting the remote login sharing preference requires the use of the Apple Remote Desktop built-in command-line tool systemsetup. For more information about the tool, see “Built-in Command-Line Tools” on page 156.
To set up printer preferences using Copy Items: 1 Set up a client computer’s print preference using the Print & Fax System Preferences. 2 Use the Copy Items task to copy the following file and folder to all the target computers: /private/etc/cups/printers.conf /private/etc/cups/ppd/ Because these files are hidden in the Finder, you may have to use the Terminal or the Finder’s “Go to Folder” command to add them to the “Items to copy” list. 3 Choose a “Same relative location” as the copy destination.
Managing Computers Using Apple Remote Desktop, you can control multiple client computers simultaneously by issuing commands that are found in the Apple menu (Log Out, Sleep, Restart, etc.), as well as other commands. Opening Files and Folders Apple Remote Desktop can open existing items (files, folders, and applications) on client computers. The item to open must be on the administrator computer, in addition to being on the client computers, and must have the same name on the administrator computer.
5 Click Open when the item is selected. The Open Items dialog shows the icon and name of the item to open. 6 Click Open. Opening Applications Apple Remote Desktop can open applications on client computers. The application to open must be on the administrator computer, in addition to being on client computers. If the application is already open, the Open Application command brings it to the front. You can open both Mac OS X and Classic applications with this command.
4 Use the provided Templates for Send UNIX Command to quit an application (for more information, see “Send UNIX Command Templates” on page 152). ÂÂ Select Miscellaneous > Quit Application from the Template pop-up menu. ÂÂ Fill in the desired Application Name. 5 Alternatively, manually enter the UNIX command. ÂÂ Type or paste the following UNIX command: killall "application_name" ÂÂ Set the user permissions for this command to be sent as the user “root.” 6 Click Send.
If you must wake computers on a different subnet, you may want to use a computer on that subnet as a sentry. The sentry computer never sleeps, it runs another licensed copy of Remote Desktop, and it allows itself to be controlled by your local copy of Remote Desktop. You control the sentry computer and instruct it to wake client computers on its local subnet. To wake a computer: 1 Select a computer list in the Remote Desktop window.
2 Save the picture in PICT, TIFF, GIF, JPEG, or any other QuickTime-compatible static image format. QuickTime-compatible movies or QuickTime VR objects cannot be used. 3 Name the picture “Lock Screen Picture”. 4 Copy the “Lock Screen Picture” file to /Library/Preferences/ on the client computer. Unlocking a Computer Screen You must use Apple Remote Desktop to unlock any computer screen locked by Remote Desktop.
Logging In a User at the Login Window Apple Remote Desktop can log in any user on a client computer by using AppleScript System Events and the Send UNIX Command feature. Using these powerful features you can log in any number of client computers to the same user name simultaneously from the login window. This script is for use on computers at the login screen only. To log in a user: This method uses the osascript command. For information about osascript, see the osascript man page.
3 Choose Manage > Log Out Current User. 4 Click Log Out. Restarting a Computer Apple Remote Desktop can restart a client computer. This has the same result as choosing the Restart command from the client computer’s Apple menu. Unless you’re trying to restart a client that supports lights-out management, you cannot restart a computer that has a current status other than “Available.” Remote Desktop also uses lights-out management when you force a restart.
You can allow users to save files or cancel the shutdown, or you can force an immediate shutdown, which causes the users to lose unsaved changes in any open files. 5 Click Shut Down. Starting Up a Computer Apple Remote Desktop can start up clients that support lights-out management (LOM). Unlike waking up computers, this doesn’t rely on the wakeonlan network packet, and allows you to start computers on a different subnet.
UNIX Shell Commands In addition to its own tasks, Apple Remote Desktop provides a way to easily execute UNIX commands on client computers. In order to send UNIX commands to the client computers, the client computers must have the BSD subsystem installed. The UNIX commands are shell commands, so you can write a script with conditionals, loops, and other functions of the shell, and not just send a single command.
The built-in Send UNIX Command templates include: Template sub-menu Template name Network Setup ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ System Setup ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ Miscellaneous ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ ÂÂ Chapter 8 Administering Client Computers List All Services Manual IP DHCP BOOTP Manual with DHCP Router DNS Servers Search Domains Web Proxy Allow Power Button To Sleep Bonjour Name Current Date Current Time Time Zone Network Time Network Time Server Remote Apple Events R
Executing a Single UNIX Command Using the UNIX Command window, you can send a single command to the selected client computers. The command is executed using the bash shell. To execute a single UNIX command: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the command. If your command is a multi-line script, enter each command on its own line.
Executing Shell Scripts with Remote Desktop Shell scripts can be copied, then executed. If a script has any degree of complexity, or if it cannot be expressed on a single line, you can use Copy Items to copy the script file to the client computers, then execute it using Send UNIX Command. To send a singleline command you can simply use Send UNIX Command. To copy and execute a script: 1 Prepare and save your script. Make sure your script is saved as plain text with UNIX line breaks. 2 Open Remote Desktop.
To execute an AppleScript script using the Send UNIX Command: This method uses the osascript command. For more information, see the osascript man page. 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the AppleScript script in the UNIX Command window, like this: osascript -e 'First line of script' -e 'Next line of script' [ -e ...
Using networksetup The command-line tool networksetup is used to configure a client’s network settings. You can use it to create or modify network locations, change IP addresses, set network service proxies, and much more. You can find the command-line syntax, explanations, and an example in the tool’s help prompt by entering the following line in Terminal: ÂÂ For Mac OS X 10.3 clients use the following: /System/Library/CoreServices/RemoteManagement/ARDAgent.
-setsearchdomains networkservice domain1 [domain2] Use this command to designate the search domain for the specified network service. You can list any number of search domains (replace domain1, domain2, and so on with the name of a local domain). If you want to clear all search domain entries for the specified network service, type “empty” in place of the domain name. Example: networksetup -setsearchdomains "Built-in Ethernet" company.com corp.
-setnetworktimeserver timeserver Use this command to designate a network time server. Enter the IP address or DNS name for the network time server. Example: systemsetup -setnetworktimeserver time.apple.com -setremoteappleevents ( on | off ) Use this command to set whether the server responds to events sent by other computers (such as AppleScript scripts). Example: systemsetup -setremoreappleevents on -setremotelogin ( on | off ) Sets remote login (SSH) to either on or off.
-setWaitForStartupAfterPowerFailure seconds Set the number of seconds after which the computer starts up following a power failure. The value must be a multiple of 30 seconds. Example: systemsetup -setWaitForStartupAfterPowerFailure 30 -setwakeonmodem ( on | off ) Use this command to specify whether or not the server wakes from sleep when modem activity is detected.
Here are some examples of actions possible with kickstart: ÂÂ Activate remote management, enable access privileges for all users, and restart the Apple Remote Desktop Agent: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.
Automating Tasks 9 You can automate any command or function in Apple Remote Desktop, and AppleScript or UNIX scripts. This chapter describes Remote Desktop automation capabilities and how to use them. Working with the Task Server A dedicated Task Server acts as an always-on, automated administrator. The Task Server installs packages and changes client settings without direct control from the Remote Desktop application.
The firewall should allow communication between the server and the client IP address groups on TCP and UDP ports 3283. Also, if you open TCP port 5900, you can control clients. TCP port 22 should be open if you’re using SSH encryption (used if you’re connecting to clients with Remote Desktop 3.2.1 or earlier installed). 3 If you use a Network Address Translation (NAT) router, forward TCP and UDP ports 3283 and 5900 to the task server computer.
For more information, see “Enabling Remote Management” on page 49 and “Apple Remote Desktop Administrator Access” on page 66. To set up the Task Server from the command-line: 1 Make sure you have two Unlimited Managed Systems licenses, one for the server and one for the administrator computer. 2 Install Remote Desktop on the server. 3 Configure the Task Server to allow other administrators to use it as a Task Server by entering this in Terminal: sudo defaults write /Library/Preferences/com.apple.
Setting Up Clients to Interface with the Task Server After you configure an administrator computer to control the Task Server, and set a default reporting schedule, the Task Server is ready for use. Clients can use the Task Server once they are authenticated and added to the All Computers list in Remote Desktop. No setup is needed beyond adding the clients to the All Computers list. If you have an existing list of computers, you need to configure them now.
Setting the Client’s Data Reporting Policy To speed up reporting and allow reporting from offline clients, Apple Remote Desktop saves client system and file information. You can automate the collection of this information by setting the data reporting policy, a schedule that determines how often the client updates its system and file information for reports. To set a client’s data reporting policy: 1 Select a computer list in the Remote Desktop window.
Stopping Clients from Uploading Reports to Specific Administrator Computers Every client computer has a list of administrator computers that it uploads reports to. If an administrator computer no longer exists, you can stop the client computer from uploading reports to that computer. If you stop the client from uploading reports to a specific administrator computer, but that administrator computer tries to connect to the client, the administrator computer will resume receiving reports.
Setting Scheduled Tasks Any task with the Schedule Task button in the task configuration window can be scheduled. Tasks that you have scheduled appear on the left in the Remote Desktop main window. To schedule a task: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose the task you want to schedule from the menu bar. 4 Configure the task as needed. 5 Before executing the task, click the Schedule button.
Using Scripting and Automation Tools with Remote Desktop You can use tools like AppleScript and Automator in conjunction with Remote Desktop. By combining tools, you increase the power and control you have over automating tasks. For example, you can use AppleScript to automate Remote Desktop itself. Also by using Automator actions, you can even create your own interfaces to Apple Remote Desktop functions without having to give users access to Remote Desktop.
Using the Remote Desktop AppleScript Dictionary Each scriptable application contains an AppleScript dictionary—the list of objects and messages that an application can understand. For example, in the Remote Desktop dictionary there’s an object named “computer list” that has this entry: computer list n [inh. item] : A list which holds computers. ELEMENTS contains computers; contained by application. PROPERTIES id (Unicode text, r/o) : The unique identifier (UUID) of the computer list.
Sample AppleScript Script This script is one that could be used to do a quick cleanup of a group of computers. First, it locks the computer screens to prevent interference. Second, it deletes all items left on the currently active desktops of the client computers. Finally, it finishes by emptying the clients’ trash and unlocking the screens. WARNING: This sample script is for educational use only, and no warranty is explicit or implied as to the suitability of this script for your computing environment.
-- unlock the screen when finished execute (make new unlock screen task) on these_computers end tell Using Automator with Remote Desktop Accomplish all of your time-consuming, repetitive manual tasks quickly, efficiently, and effortlessly with Automator workflows. It’s simple to create custom workflows just by dragging items, pointing, and clicking. You can easily automate Remote Desktop tasks such as Lock Screen or Install Packages, then repeat those tasks again and again.
Using Automator actions, you can even create your own interfaces to Apple Remote Desktop functions without having to give users access to Remote Desktop. For instance, say you wanted to give all your teachers a tool to lock and unlock screens in their classrooms. You still need to configure Remote Desktop and set up computer lists, but instead of giving the teachers all access to Remote Desktop, you can create an Automator plug-in or application.
A The following tables illustrate some of the icons found in the main window of Remote Desktop. The final table shows which network port numbers are in use by Apple Remote Desktop. Client Status Icons The following icons appear next to the names of computers in a scanner search results list. The icons show the status of each computer in the list.
List Menu Icons The following icons are used in the Apple Remote Desktop list area of the Remote Desktop main window. Icon What it means All Computers list Apple Remote Desktop list Smart list Scanner Active Task list Task History list Task Server queue Task Status Icons The following icons are used in task list areas of the Remote Desktop main window.
System Status Icons (Detailed) The following icons are shown after further inspection of observed client computer status indicators.
TCP and UDP Port Reference Apple Remote Desktop uses the following TCP and UDP ports for the functions indicated.
B The following sections describe the available fields in some of the Apple Remote Desktop reports. The file search reports (File Search, Software Version, and Software Difference) aren’t included, because their fields closely match those already found in the Finder. For information about generating reports, see “Creating Reports” on page 120.
List category Field name Notes or example Available User Memory Memory in KB Boot ROM ROM version number Bus Clock Speed In MHz Bus Clock Speed (Non Display Field) In MHz Bus Data Size CPU Speed In MHz CPU Speed (Non Display Field) In MHz Serial Number Vector Processor Yes/No L2 Cache Size In KB L3 Cache Size In KB Machine Class Machine Model Memory In KB Empty RAM Slots PCI slots PCI Slots Used Processor Count CPU Type Internal value Sales Order Number VM Size Total RAM Slots Devic
List category Field name Notes or example Display 2nd Monitor Depth In bits 2nd Monitor Type 2nd Monitor Resolution Pixels horizontal and vertical Monitor Depth In bits Monitor Type Lights-Out Management Monitor Resolution Pixels horizontal and vertical LOM Present Yes/No LOM Active Yes/No LOM Channel LOM IPv4 Configuration Static or DHCP LOM IPv4 Address LOM Subnet Mask LOM Gateway LOM Ethernet ID Modem Modem Country Modem Driver Modem Firmware Version Modem Installed Yes/No Modem In
List category Field name Notes or example Primary Network Input Errors Primary Network Input Packets Primary Network Output Errors Primary Network Output Packets Primary Network Preferences Sleep Display Yes/No Sleep Hard Disk Yes/No Sleep Computer Yes/No Software update auto check Yes/No Software update last check Software Update Server? Time of system shutdown Time of system sleep Time of system startup Time Zone Printing Wake when modem rings Yes/No Wake for Ethernet Access Yes/No Print
List category Software Storage User Field name Notes or example Firewall enabled Yes/No FTP Access Yes/No Internet sharing enabled Yes/No Remote Apple Events Yes/No Remote Login Yes/No Local Hostname foo.local UNIX hostname foo.example.com UNIX hostname is reversible Yes/No Web Sharing Yes/No Windows Sharing Yes/No Kernel Version System Version Mac OS X v10.4.
List category Field name Notes or example Volume Creation Date UNIX GMT format Disk Name Macintosh HD File Count Folder Count Total Disk Space Free Space In KB, MB, or GB Startup Disk UNIX Mount Point File System Options /dev/disk0s10 Group Group permissions File System Disk Format HFS, HFS+, UFS Owner Group Yes/No Permission Modes Permissions Yes/No Write Access Backup Modification Date UNIX GMT format Case Sensitive Yes/No Preserves Case Yes/No Journaling Capable Yes/No Journ
USB Devices Report Field name Notes or example Product Name Product ID Vendor ID Vendor Name Device Speed 1.5Mb, 12Mb Bus Power In mA Serial Number Date collected FireWire Devices Report Field name Notes or example Device Speed 200, 400, 800 Mbits per second Software Version Manufacturer Model Firmware Revision Date collected Memory Report Field name Notes or example Slot Identifier DIMM0/J21 Size In MB Speed PC133-222 (Mac OS X 10.
Expansion Cards Report Field name Notes or example Card Speed In MHz Slot Speed In MHz Card Name Slot Name Slot4 Card Type Display Vendor ID Device ID ROM Revision Displays only Card Revision Card Memory Displays only Date collected Network Interfaces Report List category Field name Notes or example Network Overview Name Location name Active Yes/No Primary Yes/No Configured With Ethernet Hardware Address 00:30:65:01:79:EC Interface Name en0 Flags Active Interface Domain exam
List category Field name Notes or example DNS Servers Subnet Masks Network Statistics Network Collisions Network Input Errors Network Input Packets Network Output Errors Network Output Packets Output Statistics Output Queue Capacity Output Queue Size Output Queue Peak Size Output Queue Drop Count Output Queue Output Count Output Queue Retry Count Output Queue Stall Count Ethernet Statistics Ethernet Alignment Errors Ethernet FCS Errors Frame Check Sequence errors Ethernet Single Collision Frames E
List category Field name Notes or example Ethernet Receiver Watchdog Timeouts Ethernet Receiver Frame Too Short Ethernet Receiver Collision Errors Ethernet Receiver PHY Errors Ethernet Receiver Timeouts Ethernet Receiver Interrupts Ethernet Receiver Resets Ethernet Receiver Resource Errors Ethernet Transmitter Underruns Ethernet Transmitter Jabber Events Ethernet Transmitter PHY Errors Physical Errors Ethernet Transmitter Timeouts Ethernet Transmitter Interrupts Ethernet Transmitter Resets Ethernet Tra
Administration Settings Report List category Field name Notes or example Privileges Generate Reports On or off Send Messages On or off Open & Quit On or off Restart & Shutdown On or off Change Settings On or off Copy Items On or off Delete Items On or off Control On or off Observe On or off Show Observe On or off LOM Authentication Valid, Invalid, Not Configured, or Not Supported Upload Schedule Time and days to upload information Upload System Data On or off Upload File Data
Application Usage Report Field name Notes or example Computer name File sharing computer name Name Application name Launch date 24 hour local time and date Total run time Length of time the application was running Frontmost Length of time the application was the frontmost application User name Short user name of application process owner State What the application is doing now (running, terminated, etc.
C This appendix shows the contents of Remote Desktop’s AppleScript dictionary. This appendix isn’t a substitute for the AppleScript dictionary view in Script Editor. It’s included as a quick reference so you can find AppleScript commands by searching this PDF file. The dictionary has the most recent information about scriptable objects and events in Remote Desktop, and better usability. Classes and Commands for the Remote Desktop Application add v: Add a computer to a task. add computer: The computer.
application n [inh. application; see also Standard Suite]: the Remote Desktop top-level scripting object.
remote desktop version (Unicode text, r/o): The version of the Remote Desktop client running on the computer. status message (Unicode text, r/o): The current status of the computer. system version (Unicode text, r/o): The Mac OS version running on the computer. computer list n [inh. item]: A list which holds computers. ELEMENTS contains computers; contained by application. PROPERTIES id (Unicode text, r/o): The unique identifier (UUID) of the computer list.
location (applications folder/current users desktop folder/current users home directory/same relative location/specific folder/system folder/system fonts folder/ system preferences folder/top folder of the boot disk): The target location to copy to. ownership (current console user/current owner/destination folder owner/specific owner): Specifies the new ownership of the copied item(s).
install package task n [inh. task > item]: Install package(s) on the target computers. ELEMENTS contained by application. PROPERTIES after installing (attempt restart/do nothing/force immediate restart): Specifies what to do after installing the package(s). bandwidth limit (integer): Network usage limit in kilobytes per second (0 = unlimited).
open item task n [inh. task > item]: Open files on the target computers. ELEMENTS contained by application. PROPERTIES files (list): A list of files to open. power on task n [inh. task > item]: Start up the target computers. ELEMENTS contained by application. rename computer task n [inh. task > item]: Change the name of the target computers. ELEMENTS contained by application.
send unix command task n [inh. task > item]: Send a UNIX command or script to the target computers. ELEMENTS contained by application. PROPERTIES script (Unicode text): The command string to be executed. showing output (boolean): Should the complete output of command be displayed in a window user (Unicode text): The user to execute the command as. set local startup disk task n [inh. task > item]: Set the startup volume on the target computers. ELEMENTS contained by application.
shutdown task n [inh. task > item]: Shutdown the target computers. ELEMENTS contained by application. PROPERTIES user can save changes or cancel (boolean): Is the user allowed to save changes or cancel the shutdown sleep task n [inh. task > item]: Put the target computers to sleep. ELEMENTS contained by application. task n [inh. item]: A task. This abstract class represents the tasks which can be executed by Remote Desktop. There are subclasses for each specific type of task.
This chapter contains SQL commands to assist SQL programmers in obtaining the database schema used in the Apple Remote Desktop report database. You can use this knowledge about the schema to create your own applications that access Apple Remote Desktop report information. Sample list of main database schema Command: sudo /usr/bin/sqlite3 -column -header /var/db/RemoteManagement/RMDB/rmdb.
Sample list of system information table Command: sudo /usr/bin/sqlite3 -column -header /var/db/RemoteManagement/RMDB/rmdb.
Sample list of table from one computer Command: sudo /usr/bin/sqlite3 -column -header /var/db/RemoteManagement/RMDB/rmdb.
