Tag Archives: ARD

Mac OS X Mac OS X Server Mac Security Mass Deployment

ARD 3.7

Apple has released the client and server updates for Apple Remote Desktop. Both are now available on the App Store. For official information of the server update, see http://support.apple.com/kb/HT5896?viewlocale=en_US.

New features include:

  • Support for OS X Mavericks
  • A shared clipboard which allows automatic copy and paste between local and remote computers
  • Improved support for Mac systems with multiple displays or multiple IP addresses
  • Enhanced multi-observe with gesture support for swiping between screens
  • Output of remote UNIX commands is no longer truncated

The client update documentation is at http://support.apple.com/kb/HT5896?viewlocale=en_US&locale=en_US.

Mac OS X Server

Enable SSH, ARD, SNMP & the Remote Server App Use In OS X Server (Mavericks)

SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. SNMP allows for remote monitoring of a server. You can also connect to a server using the Server app running on a client computer. To enable all of these except SNMP, open the Server app (Server 3), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter.

Screen Shot 2013-10-05 at 9.18.55 AM

All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X Mavericks Server (Server 2.2). To do so, use the serveradmin command.

To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:

sudo serveradmin settings info:enableARD = yes

Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.

Screen Shot 2013-10-05 at 9.15.00 AM

There are also a few other commands that can be used to control settings. To enable SSH for administrators:

sudo serveradmin settings info:enableSSH = yes

When you enable SSH from the serveradmin command you will not see any additional checkboxes in the Sharing System Preferences; however, you will see the box checked in the Server app.

To enable SNMP:

sudo serveradmin settings info:enableSNMP = yes

Once SNMP is enabled, use the /usr/bin/snmpconf interactive command line environment to configure SNMP so you can manage traps and other objects necessary.

Note: You can’t have snmpd running while you configure SNMPv3. Once SNMPv3 is configured snmpd can be run. 

To allow other computers to use the Server app to connect to the server, use the info:enableRemoteAdministration key from serveradmin:

sudo serveradmin settings info:enableRemoteAdministration = yes

To enable the dedication of resources to Server apps (aka Server Performance Mode):

sudo serveradmin settings info:enableServerPerformanceMode = yes

Mac OS X

Disable Dock Autohide

One of those annoying little things is when you ARD into a system and the Dock is nowhere to be seen. Why do we (or should I say they) autohide Docks on servers? Either way, when I ARD into a box and I don’t see a Dock I have this line saved as a Template:

defaults write com.apple.dock autohide -bool false; killall Dock

By writing an autohide key that is false into com.apple.dock for the currently logged in user, I don’t have to deal with the Dock disappearing any more. You need to kill the Dock and let it respawn, thus the killall as well.

Once I’m done working with the box, I can show the dock again:

defaults write com.apple.dock autohide -bool true; killall Dock

Or, instead of all this, as diskutant once pointed out, just use Command-Option-d when you ARD in and then again when you log out!

Mac OS X Server Mac Security Mass Deployment

Enabling ARD, SSH & SNMP On Mountain Lion Server Using serveradmin

The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X Mountain Lion Server. To do so, use the serveradmin command.

To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:

sudo serveradmin settings info:enableARD = yes

Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.

The Server app will also have the “Enable screen sharing and remote management” option checked.

There are also a few other commands that can be used to control settings. To enable SSH for administrators:

sudo serveradmin settings info:enableSSH = yes

To enable SNMP:

sudo serveradmin settings info:enableSNMP = yes

To enable the dedication of resources to Server apps (aka Server Performance Mode):

sudo serveradmin settings info:enableServerPerformanceMode = yes

Mass Deployment

One Teletype to Bind Them (Or, Clustered SSH for OS X)

When working at scale, and particularly with hosts that need to have the same configuration or you want to perform the same queries on, the issue becomes how do I ‘reach out and touch’ my fleet? Without centralized infrastructure backed by a messaging broker or a heavier process that leaves hooks in systems and/or requires its own domain specific language, sometimes you can get by with… plain ol’ ssh. Apple Remote Desktop can take us a lot of the way there, and one of the announced features of Mountain Lion is that screen sharing gets another piece of ARD’s pie, the ability to drag-and-drop files to transfer them to the remote machine. But when trying to use features other than screen control, ARD has been found to be hit-or-miss (or misreporting the functionality of hosts) in some circumstances.

csshX in action

‘Scripty’ folks look at these issues and craft tools to meet the challenge-slash-obscure-use case. Perl has long been relied upon for network-aware utilities, and csshX is a tool for managing a ‘cluster’ of  ssh sessions on the Mac. You can download or checkout the code from its googlecode site, and it has a man page that can be accessed when calling the binary directly with the -m switch. Options include telling it the login and/or password to use, feeding it a text file of hosts to access, or merely list hosts by DNS name or IP with spaces in between. Even if user names or passwords are different, fully-functional windows open as it attempts ssh connections to each host, with a red window you can use to control them all once you’ve authenticated to the ssh sessions.
From that point on, the world is your proverbial jerry-rigged oyster! To mimic ARD’s file transfers you could scp back to your machine (as kludges go, smileyface,) and another random tip: using the emacs readline functionality to jump to the beginning of a line with Ctrl-a still works, even though csshX uses that for a special purpose (as does the terminal multiplexer screen,) simply hit Ctrl-a again and the program will understand you wanted to send that to the remote sessions. Enjoy!

Football Mac OS X Mac OS X Server Mac Security Mass Deployment Time Machine

2012 Penn State MacAdmins Conference

Don’t let the theft of the Paternoville sign fool ya’, State College is as safe as ever. That is, until a bunch of Mac guys descend on the Nittany Lion Shrine. Yes, it’s that time of the year again when Mac guys from around the world (and yes, all of the speakers are male) descend upon Pennsylvania State University from throughout the Big 10 and beyond to discuss the Penn State mascot, the Nittany Lion. Actually, it’s a mountain lion, so we can’t discuss it quite yet at that point, but we can talk about a slightly bigger cat: Lion.

Lion deployment, scripted tools, Munki, InstaDMG, Puppet, migrations, “postPC,” PSU Blast, Dual Boot, NetBoot, reboot (just threw that in there because it sounded like it fit, but I’m sure much rebooting will be done anyway) and even iOS. Oh, and don’t forget lecture capture, launchd, monitoring, scripting, Boot Camp via BitTorrent (wait, what?), Damn Logs, Subversion (long live git), IPv6 (long live IPv4), DeployStudio (long live the French), Reposado (long live the mouse), Luggage, Casper (long live Minnesota!), ARD (long live the friggin’ App Store), troubleshooting, FileVault (long live Howard Hughes’ legacy), Tivoli (long live that 1984 video), Munki (crap, I already said that) and even iPad (which runs iOS I think).

Overall, the lineup is superb and looking at it, I am honored to be giving a session on Lion Server amidst all the cool stuff going on around me. I’m very impressed with the number and level of speakers and very excited to be a part of it. I’m also excited to be participating with Allister Banks, a cohort from 318, who will be giving talks on InstaDMG and Munki. Overall, it is sure to be a great conference and I look forward to hopefully seeing you all there if I don’t get arrested at the airport for wearing University of Minnesota socks.

Speaking of the Big 10. Did you know there are 12 teams in the Big 10? Did you know the Big East now has teams in Idaho and California? Did you know that the Big 12 has 10 teams? Did you know that the Pac 12 has 4 teams in 3 states that don’t touch the Pacific ocean? What does all this mean? No, it does not mean that we will discuss basic arithmetic and geography at the conference; however, we might show off some apps that can help the math professors at the member institutions of these higher education conferences teach these basic subjects a bit better. Disclaimer: I went to the University of Georgia and am required by having done so to poke fun at other conferences whenever it is possible. Having said that: how many Georgia programmers does it take to change a light bulb?


They can’t, it’s a hardware problem! OK, terrible joke. So here’s a picture of the Georgia mascot chomping down on an opposing (Auburn) player.

Seems like I’m going through football season withdrawals all of a sudden… Point of all this, go to the conference. It’s sure to be a hoot, and I’m sure there will be plenty of talk about football, er, I mean Mountain Lions, er, wait, I mean Mac OS X and iOS!

Mac OS X

Command Keys and ScreenSharing

I like to send the command, control and other system keys to hosts that I’m using ScreenSharing or Remote Desktop to access. But as I recently discovered, not everyone does. You can turn this feature off using the defaults command to augment the DoNotSendSystemKeys key of the com.apple.ScreenSharing.plist property list file. Simply run the following command:

defaults write com.apple.ScreenSharing DoNotSendSystemKeys -bool YES

To turn them back on:

defaults write com.apple.ScreenSharing DoNotSendSystemKeys -bool NO

Or for Remote Desktop, augment the com.apple.

defaults write com.apple.RemoteDesktop DoNotSendSystemKeys -bool YES

To turn it back off for Remote Desktop:

defaults write com.apple.RemoteDesktop DoNotSendSystemKeys -bool NO

FYI, if you don’t want to send the command keys I think you’re a little weird, but that’s OK. Hope you enjoy anyway…

Mac OS X Mac OS X Server Mac Security Mass Deployment Xsan

Programatic Screen Sharing

You can remotely start ARD with kickstart, which I have previously covered at length. But Screen Sharing is a bit of a different little beast. To start up Screen Sharing, you can just use the following command:

echo -n enabled > /Library/Preferences/com.apple.ScreenSharing.launchd

I still prefer kickstart, but this method functions when you need something quick and easy. To then disable Screen Sharing, you can just toss the launchd item:

rm /Library/Preferences/com.apple.ScreenSharing.launchd

Once you have Screen Sharing started, you can then open the Screen Sharing application from a client by using the open command, followed by the protocol, which would be vnc and then the IP address. As with FTP you can also inject the user name and password into the open, following the //, by placing the user name followed by a colon (:) followed by the password and then the @ symbol (all before the IP address). For example, to connect to a computer with an IP address of 192.168.200.2 using the username of krypted and the password of mypass you would use the following command.

open vnc://krypted:mypass@192.168.200.2

You may encounter an encryption error, which if you are attempting to script can be annoying to click on. To suppress it, use defaults to set the dontWarnOnVNCEncryption key of the com.apple.ScreenSharing.plist to True:

defaults write com.apple.ScreenSharing dontWarnOnVNCEncryption -bool TRUE

Have fun!

Mac OS X Mac OS X Server Mass Deployment

Sending Command Keys Through ARD

You can send Command keys (aka – Open Apple and Closed Apple) through Apple Remote Desktop (ARD), or not send the Command keys through ARD. Your call:

defaults write com.apple.RemoteDesktop DoNotSendSystemKeys 1

P.S. – Of course these are short, I’m on the road. Sorry for brevity but typing posts on the iPhone is not all it’s cracked up to be…