One of the great gems of Apple Remote Desktop 2, and while it’s not hidden in the documentation, no one seems to have sung its virtues – until now.
Read on for more…You’re going to love how easy this is…
I’m making a couple assumptions here, so before we start, here they are: You already have ARD 2 installed and set up to administer your client machines with a local account. You have LDAP set up, and your client machines are already bound into the domain.
The theory behind this is creating groups in Workgroup Manager, and then adding users who you want to be authorized to use ARD into those groups. There are 4 groups, ard_admin, ard_interact, ard_manage and ard_reports.
ard_admin will have access to all functions of ARD, ard_interact is simply interaction (like you’d get with VNC alone) with the client, ard_manage allows for more advanced features, and ard_reports can only generate reports from the ARD clients. For a clearer idea, check out the Interact, Manage and Reports items in the menubar of ARD.
Create your groups in Workgroup Manager – you don’t need to add all 4, you can pick and choose which you would like, and they can be created with any GID, it’s only the name which must be exact. Then add your ARD administrative users to their appropriate groups.
To set up the clients, you can either create your own Client Installer, or you can change your existing client settings (under the Manage menu bar item). Using the “Change Client Settings” as an example, click through the screens until you get to the “Incoming Access” screen. From here click the “Set authorized groups to:” checkbox. Keep continuing through once you’ve done this, and eventually you’ll be able to set your selecting machines with these settings.
Do check out some of the other options you can apply to your client machines using this tool, it allows you to set up, or remove local admin users, and set up other tools like openWBEM.
Once you’ve pushed out these setting to your clients, set up the computers you wish to manage in ARD, and put yourself into one of the ard_* groups, you can use your own username and password to add the clients to your computer lists. This will also make your administrative life much easier if you want different ARD users to have different abilities.