SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. You can also connect to a server using the Server app running on a client computer. To enable any or all of these, open the Server app (Server 5.2 for Sierra), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter. All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using the kickstart command.…
-
-
ARD 3.7
Apple has released the client and server updates for Apple Remote Desktop. Both are now available on the App Store. For official information of the server update, see http://support.apple.com/kb/HT5896?viewlocale=en_US. New features include: Support for OS X Mavericks A shared clipboard which allows automatic copy and paste between local and remote computers Improved support for Mac systems with multiple displays or multiple IP addresses Enhanced multi-observe with gesture support for swiping between screens Output of remote UNIX commands is no longer truncated The client update documentation is at http://support.apple.com/kb/HT5896?viewlocale=en_US&locale=en_US.
-
Enable SSH, ARD, SNMP & the Remote Server App Use In OS X Server (Mavericks)
SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. SNMP allows for remote monitoring of a server. You can also connect to a server using the Server app running on a client computer. To enable all of these except SNMP, open the Server app (Server 3), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter. All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote…
-
Connect to Currently Logged In User Using ARD
When you’re kickstarting ARD/Screen Sharing, you might notice times when you are asked if you want to connect to the local logged in user or to a new session, which shows the login window. In most cases, I want to connect to the console user, or that locally logged in user. To go right there, instead of seeing the OS X login window, you can use the defaults command to write a VNCAlwaysStartOnConsole key (boolean, true) into com.apple.RemoteManagement.plist in /Library/Preferences, as follows: defaults write /Library/Preferences/com.apple.RemoteManagement VNCAlwaysStartOnConsole -bool true The newer features here are pretty cool and really nice to have, but I’ve now added this to a lot of my…
-
Using the Software Update Service on Mountain Lion Server
The software patching configuration built into most operating systems is configured to open a box at home, join your network and start using the computer right away. As environments grow from homes to offices and then offices grow into enterprises, at some point software updates and patches need to be managed centrally. Mountain Lion, as with its OS X Server predecessors has a Software Update service. The service in the Server app is known as Software Update and from the command line is known as swupdate. The Software Update service, by default, stores each update in the /var/db/swupd directory. The Software Update servie is actually comprised of three components. The first is an…
-
One Teletype to Bind Them (Or, Clustered SSH for OS X)
When working at scale, and particularly with hosts that need to have the same configuration or you want to perform the same queries on, the issue becomes how do I ‘reach out and touch’ my fleet? Without centralized infrastructure backed by a messaging broker or a heavier process that leaves hooks in systems and/or requires its own domain specific language, sometimes you can get by with… plain ol’ ssh. Apple Remote Desktop can take us a lot of the way there, and one of the announced features of Mountain Lion is that screen sharing gets another piece of ARD’s pie, the ability to drag-and-drop files to transfer them to the…
-
Suppressing the iCloud Dialog During Imaging and Through ARD
The latest update of Lion for Mac OS X 10.7.2 comes with an interesting new option, where it prompts users to log into iCloud. This setting is stored in com.apple.SetupAssistant.plist in the DidSeeCloudSetup key. Configuring the boolean with a positive value then suppresses the prompt for the user: defaults write /System/Library/User Template/Non_localized/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -boolean YES If you have configured it and you want to run it again, just revert to NO: defaults write /System/Library/User Template/Non_localized/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -boolean NO These commands can be sent out through Apple Remote Desktop, or some other patch management system.
-
Disable AirDrop in Mac OS X Lion
Lion comes with this nifty option called AirDrop, which allows users to share files directly. In many environments, this represents a perceived security risk (whether real or not) and must be disabled. To disable AirDrop: defaults write com.apple.NetworkBrowser DisableAirDrop -boolean YES To turn it back on: defaults write com.apple.NetworkBrowser DisableAirDrop -boolean NO This is done per-user and so can also be done via Managed Preferences, profiles and/or at imaging time.
-
Removing DigiNotar Trust in OS X
DigiNotar got hacked awhile back. And more and more issues seem to continue to surface as a result (most notably spoofing Google). Read this article for more info on it, but I’m not gonna’ rehash it all right now. Instead, let’s correct it. To do so, we’ll use the security command. Then we’ll use the delete-certificate option along with the -Z operator, which allows inputing (or outputting when installing certificates) a SHA1 has of a certificate. Root Certificates (those that appear under the System Roots section of the Keychain Access application) are all located in the /System/Library/Keychains/SystemRootCertificates.keychain keychain and so we’ll specify that as well: sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C…
-
Open Directory Populated ARD Computer Lists
In Mac OS X 10.5-based Open Directory (or higher) and Apple Remote Desktop 3.3 (or higher) you can now add directory services objects as computer lists. Simply open Apple Remote Desktop from a bound computer, click on Scanner and then click on the drop-down list for the type of scanner. Here, select Directory Server and you should start to see your Open Directory objects populating the list, obviating a previous article on populating lists at deployment time. BTW, if you’re interested in creating computer lists based on Active Directory, start with cn=computer_lists. Note: Turns out Randy Saeks has also done an article on this topic. Find it here: http://rsaeks.wordpress.com/2009/11/23/using-opendirectory-computer-lists-with-apple-remote-desktop/