Jens Lodholm

Basic Desktop Administration Using Apple Remote Desktop​


Why use a fishing pole when a net works so much faster? For those supporting even a few Macs, it makes sense to manage them collectively instead of as individual workstations—a practice known as desktop administration.

No desktop administration tool provides more value than Apple Remote Desktop (ARD, for short). For just $80, it leverages the free ARD agent built into Mac OS X, and can change forever the way your organization supports Macs.



Benefits

Efficiency. With its many-at-once approach, ARD optimizes limited IT hours. Instead of touching every Mac, technicians can support numerous clients from a single console.


Simplicity. The least complicated solution often involves central management. Many tasks can’t be done by hand as easily as with ARD.


Consistency. Giving Macs the same software and settings makes them easier to support, and ensures every device complies with organizational standards.


Productivity. Mac support needn’t always disrupt users’ work.


Remote Access. Managing Macs over the network reduces or removes the need for on-site visitations.


Central Reporting. ARD makes it easy to manage inventory by collecting client data over the network.


Client Management. AutoInstall pushes software to mobile Macs when they become available. ARD’s built-in scanner eases desktop administration by listing Macs with Remote Management disabled, as well as non-Mac devices like PCs and printers.



Common Tasks

Device Management. A customizable toolbar provides dedicated buttons to rename, restart, shut down, and even start or wake supported clients. Administrators can remotely observe and control client Macs with one click, including curtain-mode to hide the screen from the user during sensitive operations.


Asset Management. ARD gathers detailed information from each Mac: OS version, RAM, disk size and free space, network connections, peripheral interfaces, installed software, and much more. It can even search for specific files. Administrators can export collected data as tab- or comma-separated text for use in other reports. 


Software Distribution. ARD easily deploys installers in package format (.pkg or .mpkg files) to managed Macs. It can also copy customized preferences and other files to a specified location. Apple’s PackageMaker application and other third party tools can help you create packages for distribution over ARD.


Scheduled Tasks. When needed, set an ARD task for a specific time, such as an after-hours restart.


Automation. By using Automator actions, administrators can customize a series of actions for their environment on multiple Macs.


UNIX Commands. A powerful feature for desktop administrators, enabling them to manage details on a host of Macs which would be impractical by hand.

  • Cautions:
    • Commands sometimes behave differently in ARD than in Terminal. Test and verify the results on a single client before deploying to multiple Macs.
    • ARD permits only single commands. If necessary, learn how to nest multiple lines into one using the “;” (semi-colon) separator.
    • Commands requiring super-user (sudo) privileges typically need to be run as root for success in ARD. (Set this under “Run command as...” in the task details.)


Software Updates. Administrators can collectively manage Apple software updates with the softwareupdate UNIX command, even forcing urgent ones to run immediately.

The defaults command lets administrators redirect Macs to an internal software update server to reduce internet traffic and restrict available updates.

Research the commands above for further details.


Time Machine Management. When backups matter, desktop administrators can view a Mac’s Time Machine schedule with the tmutil command. They can also force an immediate backup or implement changes to the configuration.



Challenges

Client Setup. Although you must configure each Mac by hand for Remote Management, it doesn’t take long. Streamline workstation deployments by enabling the service on client images.


Security. ARD uses a secure protocol, and can be restricted to specific user accounts. High-security environments must decide if it meets their own standards.


Learning Curve. Researching, building, and testing complex tasks can add time to a desktop administration project.


Unsupported tasks. ARD’s limits can force too much of a time investment for some tasks. Software in the wrong format requires creating custom packages for installation.


Communication. Because ARD allows silent control and alteration of Macs, desktop administrators must communicate with users to avoid problems. Conduct major projects under management oversight and peer review.


Unforeseen Consequences. Configured tasks don’t always behave as expected, which makes testing and backups critical. Know how to reverse any changes you make.



Getting Started

  1. Buy ARD from the App Store ($80) and install it on the Mac you will be administering from. (Sorry, there is no Windows version of this tool.)
  2. Enable Remote Management on all Macs. Find this setting under System Preferences > Sharing. Restrict access to a single user account if desired.
    • Recommended: Configure a common local administrator account on every Mac to simplify authentication when adding clients into ARD. Including it in workstation images will minimize setup time.
  3. Add Macs to ARD. Use the Scanner to locate clients on the network. Drag them into an existing client list or create a new one.
  4. Organize clients in ARD. Create groups to differentiate between Macs based on hardware, software, standards, departments or other criteria. Smart lists stay updated based on client parameters.
  5. Create tasks in ARD. The application includes some sample tasks. Organize these tasks into groups for simplicity.



Conclusion

If you support more than even a few Macs, why not use Apple Remote Desktop? The tedium of repeating installs or changes on a network of Macs should be incentive enough. The ability to run UNIX commands, force updates, and check backups will give you an addictive level of control. When you add the other benefits of remote access, consistency, central reporting, and more, it’s a slam dunk. With ARD, you can have greater confidence your Macs are getting the best possible support.