Previously, I posted how to ensure SSH access is enabled with Munki. Another favored (though sorely neglected by Apple) tool to remote control Macs is obviously Apple Remote Desktop.
Note: Apple Remote Desktop access is called ‘Remote Management’ in the Sharing Preference Pane. This also includes access for the Screen Sharing application.
We will use a
nopkg setup to control, so we need one script to check wether the configuration needs to be fixed (
ard_installcheck.sh) and a postinstall script to actually do the fixing (
The install check script first tests wether ardagent process is running, wether the “All Users” access option is turned on, and finally wether our user for remote access (
clientadmin in this example, modify for your needs) is in the privileged group.
installcheck has to return
1 when everything is ok. (The actuall install does not have to run so the install is aborted.) If any of the settings aren’t as they should be the script returns
0 (installation needs to proceed) and Munki will run the
postinstall script uses the
kickstart tool to setup ARD the way we want it. (In this example we enable access for two admin accounts
localadmin, modify to what you need.)
The run makepkginfo to build the pkginfo which tells Munki what to do:
makepkginfo --name=EnableARD \ --displayname="Enable Apple Remote Desktop" \ --pkgvers=1.0 \ --nopkg \ --installcheck_script=ard_installcheck.sh \ --postinstall_script=ard_postinstall.sh \ --unattended-install > EnableARD.pkginfo
ard_postinstall.sh need to be in the current working directory, or give the path to the scripts.)
Then copy the pkginfo file to the
pkginfo folder on the munki repository (or a subfolder), add
EnableARD to a manifest and run
managedsoftwareupdate on a client that has that manifest configured.
Even if a user changes the “Remote Management” setting, the next time Munki runs in the background it should notice the change and set them back with the