Previously, I posted how to ensure SSH access is enabled with Munki. Another favored (though sorely neglected by Apple) tool to remote control Macs is obviously Apple Remote Desktop.
Note: Apple Remote Desktop access is called ‘Remote Management’ in the Sharing Preference Pane. This also includes access for the Screen Sharing application.
We will use a nopkg setup to control, so we need one script to check wether the configuration needs to be fixed (ard_installcheck.sh) and a postinstall script to actually do the fixing (ard_postinstall.sh).
The install check script first tests wether ardagent process is running, wether the “All Users” access option is turned on, and finally wether our user for remote access (clientadmin in this example, modify for your needs) is in the privileged group.
Paradoxically, the installcheck has to return 1 when everything is ok. (The actuall install does not have to run so the install is aborted.) If any of the settings aren’t as they should be the script returns 0 (installation needs to proceed) and Munki will run the postinstall script.
The postinstall script uses the kickstart tool to setup ARD the way we want it. (In this example we enable access for two admin accounts clientadmin and localadmin, modify to what you need.)
The run makepkginfo to build the pkginfo which tells Munki what to do:
makepkginfo --name=EnableARD \
--displayname="Enable Apple Remote Desktop" \
--pkgvers=1.0 \
--nopkg \
--installcheck_script=ard_installcheck.sh \
--postinstall_script=ard_postinstall.sh \
--unattended-install > EnableARD.pkginfo
(ard_installcheck.sh and ard_postinstall.sh need to be in the current working directory, or give the path to the scripts.)
Then copy the pkginfo file to the pkginfo folder on the munki repository (or a subfolder), add EnableARD to a manifest and run makecatalogs.
Run managedsoftwareupdate on a client that has that manifest configured.
Even if a user changes the “Remote Management” setting, the next time Munki runs in the background it should notice the change and set them back with the postinstall script.
Just had to deploy a hundred or so macs in our school in record time. Somehow the “RemoteManagement” shut me out of ARD on random clients.
Just made my first .pkginfo with this very useful indeed script and tutorial. If all goes well I will be able to wrestle back control of the ARD client with MUNKI doing most of the work.
Much appreciated #!Scripting OS X…
Too much techncial stuff and coding. Instead, I would recommend using tools like logmein, R-HUB remote support servers etc. for remotely accessing computers from anywhere anytime. They work well.
It is exactly the amount of code needed to make it work. All of the solutions are great solutions at what they do, but they all need a client component installed and configured on the client. ARD client is part of macOS, so you don’t need an extra installation. When you want to automate the configuration you’ll end up with similar code. That’s just how it is.