SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. You can also connect to a server using the Server app running on a client computer. To enable any or all of these, open the Server app (Server 5 for El Capitan and Yosemite), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enable.
All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X El Capitan Server (Server 5). To do so, use the serveradmin command. To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:
sudo serveradmin settings info:enableARD = yes
Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.
There are also a few other commands that can be used to control settings. To enable SSH for administrators:
sudo serveradmin settings info:enableSSH = yes
When you enable SSH from the serveradmin command you will not see any additional checkboxes in the Sharing System Preferences; however, you will see the box checked in the Server app. To enable SNMP:
sudo serveradmin settings info:enableSNMP = yes
Once SNMP is enabled, use the /usr/bin/snmpconf interactive command line environment to configure SNMP so you can manage traps and any other objects you need.
Note: You can’t have snmpd running while you configure SNMPv3. Once SNMPv3 is configured snmpd can be run.
To allow other computers to use the Server app to connect to the server, use the info:enableRemoteAdministration key from serveradmin:
sudo serveradmin settings info:enableRemoteAdministration = yes
To enable the dedication of resources to Server apps (aka Server Performance Mode):
sudo serveradmin settings info:enableServerPerformanceMode = yes
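Each of the keys above opens a remote management path into the server, so it is worth checking which ones are actually switched on. The script below is an added example, not part of the original post: it assumes that `serveradmin settings info` prints lines in the same `info:key = value` form used in the commands above, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list remote-access settings that are on but not approved.
# Assumption: `serveradmin settings info` prints "info:key = value" lines.

# Keys from this article that open a remote management path.
REMOTE_KEYS="enableARD enableSSH enableSNMP enableRemoteAdministration"

# Read serveradmin-style lines on stdin and print the name of every
# remote-access key whose value is yes, one per line.
enabled_remote_services() {
    awk -v keys="$REMOTE_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line !~ /^info:/) next
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 6, eq - 6)      # text between "info:" and "="
            val = substr(line, eq + 1)
            gsub(/[ \t"]/, "", key); gsub(/[ \t"\r]/, "", val)
            if ((key in want) && tolower(val) == "yes") print key
        }'
}

# Print enabled remote-access keys that are not on the approved list.
# $1: space-separated keys that are allowed to be on for this host.
unexpected_remote_services() {
    allowed=" $1 "
    enabled_remote_services | while read -r key; do
        case "$allowed" in
            *" $key "*) ;;                     # approved, stay quiet
            *) echo "$key" ;;
        esac
    done
}

# Constructed sample output, not captured from a real server.
sample_settings() {
    cat <<'EOF'
info:enableARD = yes
info:enableSSH = yes
info:enableSNMP = no
info:enableRemoteAdministration = yes
info:enableServerPerformanceMode = yes
EOF
}

# On a server: sudo serveradmin settings info | unexpected_remote_services "enableSSH"
sample_settings | unexpected_remote_services "enableSSH"
```

An empty result means nothing beyond the approved list is enabled; any key printed can be turned off with the same serveradmin syntax and a value of no.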
krypted September 22nd, 2015
You can remotely start ARD with kickstart, which I have previously covered at length. But Screen Sharing is a bit of a different little beast. To start up Screen Sharing, you can just use the following command:
echo -n enabled > /Library/Preferences/com.apple.ScreenSharing.launchd
I still prefer kickstart, but this method functions when you need something quick and easy. To then disable Screen Sharing, you can just toss the launchd item:
Once you have Screen Sharing started, you can then open the Screen Sharing application from a client by using the open command, followed by the protocol, which would be vnc and then the IP address. As with FTP you can also inject the user name and password into the open, following the //, by placing the user name followed by a colon (:) followed by the password and then the @ symbol (all before the IP address). For example, to connect to a computer with an IP address of 192.168.200.2 using the username of krypted and the password of mypass you would use the following command.
You may encounter an encryption error, which if you are attempting to script can be annoying to click on. To suppress it, use defaults to set the dontWarnOnVNCEncryption key of the com.apple.ScreenSharing.plist to True:
defaults write com.apple.ScreenSharing dontWarnOnVNCEncryption -bool TRUE
krypted January 26th, 2010
The Command Line Fibre Channel Management and Setting up the Network Stack from the Command Line articles I did on Xsanity covered a couple of tasks that you more than likely perform on every client system you set up. Now let’s look at another. Whether you are deploying Xsan or managing it, assuming you have more than 1 machine to manage (and why would you use Xsan if you don’t) then a little Apple Remote Desktop (ARD) can make your life a lot easier. You might be deploying a package to install the Final Cut Server.app or you might be installing Xsan remotely. Or maybe you’re quitting Final Cut Pro or closing a Finder window so that you can unmount that volume that otherwise just won’t unmount. Either way, centralized administration almost requires you to enable Remote Management and if you’re looking to automate every aspect of a deployment then you’ll certainly be doing so.
To enable Remote Management for the ARD client is easy enough. Simply open up System Preferences, click on the Sharing System Preference pane, check the box for Remote Management and then check the boxes for the features you’d like to enable (eg – Observe, Control, etc). By default, all users have access to do whichever tasks you define. Straightforward enough…
But what if you are deploying 40 Xsan and Final Cut Server clients, 2-3 Metadata Controllers along with 20 members of a render farm? Let’s just say that during the process you decide that only your company’s admin account should be able to control the computers (otherwise users will start messing around with one another’s stuff). Even if you enabled Remote Management at installation time, now you need to go touch 65 computers? Or what if you can SSH into a metadata controller but not tap in through Remote Management? Or need to configure that shiny new Xserve that didn’t ship with a video dongle?
Enter kickstart. The kickstart command is located in the /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources directory (the rest of this article assumes this to be your working directory, and assumes you are running these commands with elevated privileges). To start off, we’re going to configure Remote Management. To do so we’re going to use the -configure option with kickstart and enable access to the host (-access), checking all the boxes from the Remote Management Options… button (-privs -all) for the xsan admin user (-users xsanadmin):
./kickstart -configure -access -on -privs -all -users xsanadmin
You can also enable access to Open Directory accounts if your Xsan includes those. In the following we’ll configure Remote Management to allow Open Directory logins (-setdirlogins yes) and then enable the specific groups that will have access (-setdirgroups -dirgroups) to the Open Directory group called xsanadmins:
./kickstart -configure -clientopts -setdirlogins yes -setdirgroups -dirgroups xsanadmins
You can also configure each of the check boxes for each permission independently, using -DeleteFiles, -ControlObserve, -TextMessages, -ShowObserve, -OpenQuitApps, -GenerateReports, -RestartShutDown, -SendFiles, -ChangeSettings and -ObserveOnly.
The global options for the Remote Desktop client can also be set. To do so you would add the -clientopts option and specify which of the features to configure. Other than the Directory Services options, these include those settings accessible through the Computer Settings… button. Show Remote Management status in menu bar can be enabled using -setmenuextra yes. Anyone may request permission to control screen can be enabled using -setreqperm yes. VNC viewers may control screen with password can be enabled using -vnclegacy yes. You can also set the password using -vncpw followed by the password you would like to use. You can also set the Computer Information fields using -computerinfo followed by -set1, -set2, -set3 and -set4.
But kickstart isn’t just for setting up the ARD client. You can also restart Remote Management when you are having problems by running the -restart option when SSH’d into a host:
./kickstart -restart -agent -console
And what the Xsan admin giveth the Xsan admin can taketh away; you can disable Remote Management access by setting -access to off:
./kickstart -configure -access -off
You can also use kickstart to install and uninstall packages, but in my experience you’re gonna’ want to use the Remote Desktop software to do that. For more on the options available in kickstart, check out:
Finally, if you would rather perform a file drop to deploy settings (or use the defaults/plutil commands to deploy settings) then you’ll need to know the property lists, or domains that the preference files are stored in. Because kickstart is not compiled you can find these in the variable definitions at the beginning of the script.
krypted August 27th, 2009
Fire up ARD through the command line:
krypted January 7th, 2008
When a computer has ARD open, by default you cannot log into it using Remote Desktop from another host. To fix this, use the following command:
defaults write /Library/Preferences/com.apple.RemoteDesktop AdminConsoleAllowsRemoteControl -bool false
And then run the kickstart -restart -agent command from /System/Library/CoreServices/ARD Agent.app/Contents/Resources:
'/System/Library/CoreServices/ARD Agent.app/Contents/Resources/kickstart' -restart -agent
krypted October 2nd, 2006