Pro tip: Perform remote administration with Apple Remote Desktop

Jesus Vigo provides steps and best practices for managing computers and users utilizing Apple Remote Desktop.

Apple Remote Desktop

Through the years, managing desktop computers has gone from a one-to-one method of executing management tasks to the one-to-many method of which most system admins are so fond. From the earlier days, prior to robust switched networks, "sneakernet" is not-so-affectionately remembered as the means of getting data copied from one desktop to the others: carrying a floppy disk (several of them, I might add) and manually performing the copy operation on each desktop in the company.

While tried and true, it was an error-prone process since it relied on multiple executions of the same task by a human. Fast forward to modern computing times and remote management is the de facto way to perform any changes from OS provisioning to software deployment to making changes to user settings -- it can all be scripted, pushed, installed, or executed remotely from a single machine to all the desktops in your environment.

One task. One operation. Welcome to Apple Remote Desktop (ARD)! Once you install it on a management station or server and configure each client computer, you may never have to touch another station again.

Let's review some of the remote administration and end-user assistance features of ARD.

I. Add computer (one time only)

  1. Launch Remote Desktop.app from the Applications folder.
  2. By default, ARD will launch with the Scanner option selected. Scanner searches for computers that are configured to communicate with ARD. It displays the computers it finds in the center of the screen, along with each computer's name, IP address, and installed ARD client version (Figure A).
    Figure A
  3. Computers may be searched for using a host of options (Figure B). Most notable are Bonjour (for ad-hoc/SOHO environments), Local Network (which scans the LAN your management station is connected to), and Network Range or Address (which can scan based on a single IP or an entire range of IPs, mostly used by corporations with large networks).
    Figure B
  4. With a list of computers ready, the computers must be authenticated to communicate with ARD. Even though they were configured as such on each client, this built-in security mechanism prevents any computer from being captured by the ARD console without proper authentication first. Proceed by double-clicking a station on the list to bring up the Add Computer screen. Depending on your version of ARD and the client on the computer itself, you may need to highlight the device and press the Control button in order to trigger the Add Computer screen to appear. Enter the Username and Password of an account with administrative access to the computers you plan to manage with ARD. Additionally, check the box next to Use this name and password on remaining computers so you'll only have to enter your admin credentials once to authenticate all your nodes (Figure C).
    Figure C
  5. After successfully authenticating all the devices with ARD, the console now has full administrative rights to execute tasks against that device. Should you ever need to modify this type of access, add users, or remove/change the behavior of the interactivity, right-clicking the device and selecting Get Info from the context menu will bring up the properties page. By clicking the Edit button on the Attributes (Figure D), Administrators (Figure E), or Control & Observe (Figure F) tabs, a systems administrator can tailor access to conform to company policies.
    Figure D

    Figure E

    Figure F
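
The per-administrator access described in step 5 can also be set on each client from the command line with Apple's `kickstart` tool, which ships inside ARDAgent.app. The following is an added example, not part of the original article: it prints (dry run) the commands that restrict ARD access to named local accounts with role-based privileges. The role names and account names are hypothetical; run the printed commands with sudo on the client.

```shell
#!/bin/bash
# Added example: plan least-privilege ARD client access with kickstart.
# Only prints commands; nothing is changed on the machine running it.
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

# Map a role (hypothetical names) to kickstart -privs flags.
# -ObserveOnly limits -ControlObserve to viewing; -ShowObserve tells
# the local user when the screen is being observed or controlled.
ard_privs_for_role() {
  case "$1" in
    observer) echo "-ControlObserve -ObserveOnly -ShowObserve" ;;
    helpdesk) echo "-ControlObserve -ShowObserve -TextMessages" ;;
    admin)    echo "-all" ;;
    *)        return 1 ;;
  esac
}

# Print the command granting one local account one role.
ard_grant_cmd() {
  local user="$1" role="$2" privs
  # Refuse empty names and anything outside a conservative character set.
  case "$user" in
    ""|*[!A-Za-z0-9._-]*) echo "bad user: $user" >&2; return 2 ;;
  esac
  privs="$(ard_privs_for_role "$role")" || {
    echo "unknown role: $role" >&2; return 1; }
  echo "$KICKSTART -configure -access -on -users $user -privs $privs"
}

# Print the full sequence for a list of user:role pairs.
ard_plan() {
  local pair
  # Allow only the listed accounts instead of every local user.
  echo "$KICKSTART -activate -configure -allowAccessFor -specifiedUsers"
  for pair in "$@"; do
    ard_grant_cmd "${pair%%:*}" "${pair#*:}" || return $?
  done
  echo "$KICKSTART -restart -agent"
}

# Constructed sample: ard_plan labadmin:admin frontdesk:observer
```

Granting `-all` only to the accounts that need it, and observe-only rights to everyone else, keeps a stolen helpdesk password from becoming full remote control of the fleet.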

II. Interact: Observe, Control, and Curtain

Once the client has been authenticated in the console, the systems administrator will be able to execute tasks, including Remote Desktop on the specified machine. Highlight the device you wish to connect to and select the appropriate level of connection you wish to make: Observe, Control, or Curtain. Observe allows the admin to only view what the locally logged-on user is doing on-screen (Figure G).

Figure G

Control allows the admin access to the desktop.

Control is similar to Observe, except the admin now has access to physically control the desktop over the network. This access type is, by default, shared between the end user physically at the machine and the admin remoting in (Figure H).

Figure H

Curtain hides the desktop altogether from the end user.

Lastly, there's Curtain access. Curtain offers all of the benefits of Control except that it a) allows only the admin to control the computer, effectively disabling the end user from manipulating anything on-screen; b) more importantly, Curtain hides the desktop altogether from the end user in a private mode, hiding whatever task the admin chooses to perform. A small message will appear on-screen for the end-user to know that his/her desktop is currently being used for administrative purposes (Figure I).

Figure I

Message shows that the desktop is being used.

III. Interact: Send Message and Chat

Another interesting feature is the ability to send single or network-broadcast type messages to the nodes communicating with the ARD console. These one-off messages are meant to get a short message -- or text, if you will -- to users on your network. They can serve to warn those working that equipment may be offline for scheduled maintenance or possibly to ask someone to manually power on a machine that's close to them but across campus for the systems administrator. The Message feature is a one-to-many message and one-way -- from admin to end users (Figure J).

Figure J

The Send message feature.

Conversely, the Chat feature will allow the admin to actively participate in a real-time chat session with a user (or group of users), with two-way communication between the parties involved. This is extremely useful in an enterprise or educational setting, as it allows for the administrator or technician to provide individualized assistance to an end user. When used in conjunction with the Observe tool above, the administrator can see what the end user is seeing and may be able to directly communicate a solution and/or enable Control access in order to resolve any issues on the fly. This is personalization of service on a level that few applications provide (Figure K).

Figure K

The Chat feature.

IV. Interact: Lock and Unlock Screen

The Lock and Unlock Screen commands are identical to the Curtain access feature detailed above in section II. Enabling Lock Screen effectively prevents access to the computer by any users until the Unlock command has been executed to restore user access. While not used often in a corporate setting, this is a boon for anyone in the educational sector. Some educators really appreciate the ability to restrict access to students until the lesson has concluded and it's time to work on the computer.

Even in the enterprise, it still serves a unique purpose by locking access to a machine that may be in the course of receiving an OS-level upgrade. This gives the deploying admin peace of mind that an end user cannot cancel the upgrade mid-way or otherwise perform a task that may destabilize the computing environment until the upgrade has been successfully completed. There are also security practices that dictate a machine must be left operational after an attack until a security professional has been able to fully complete the forensics examination, which may provide valuable clues as to the nature of the attack or breach (Figure L).

Figure L

The Lock and Unlock Screen.

V. Interact: Spotlight search

Spotlight, as anyone familiar with OS X/iOS will know, is the feature that indexes the file system and allows for searching of just about any documents on a computer instantaneously. Built in to ARD is a Spotlight Search hook that allows for searching the hard drives of clients connected to the console. The goal of this feature is two-fold: First, it aids the systems administrator in finding files/folders and allows them to be opened, copied, or deleted, all at the push of a button. This helps in retrieving data or deleting certain configuration files that are outdated or to be updated later on via push. Secondly, it allows for unprecedented support of end users who may not be as tech-savvy or familiar with OS X. This tool offers user support for finding lost files, types of documents, or even retrieving files off one node and copying them over the network to another node with little administrative overhead (Figure M).

Figure M

Spotlight Search.

So there you have it. Apple Remote Desktop is a remote administration and end-user support and assistance tool that utilizes a breadth of technologies and helps leverage the power of OS X and the local area network to perform tasks from one console station that impact the entire organization.

From one to 1,000 -- the possibility of one or two systems administrators managing the corporate landscape of network-connected devices is not only very much a reality, but it won't wear out your sneakers, flash drives, or patience in the process.

About

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 15 years of experience and multiple certifications from seve...
