Jesus Vigo provides steps and best practices for managing computers and users utilizing Apple Remote Desktop.
While tried and true, it was an error-prone process since it relied on multiple executions of the same task by a human. Fast forward to modern computing times and remote management is the de facto way to perform any changes from OS provisioning to software deployment to making changes to user settings -- it can all be scripted, pushed, installed, or executed remotely from a single machine to all the desktops in your environment.
One task. One operation. Welcome to Apple Remote Desktop (ARD)! Once you install it on a management station or server and configure each client computer, you may never have to touch another station again.
Let's review some of the remote administration and end-user assistance features of ARD.
I. Add computer (one time only)
- Launch Remote Desktop.app from the Applications folder.
- Be default, ARD will launch with the Scanner option that's selected. Scanner will allow for the searching of computers that are configured to communicate with ARD. It will display found computers on the center of the screen along with the name of the computer, IP Address, and ARD client version installed (Figure A).
3. Computers may be searched for using a host of options (Figure B). Most notably are Bonjour (for ad-hoc/SOHO environments), Local Network (which scans the LAN your management station is connected to), and Network Range or Address (which can scan based on a single IP or an entire range of IPs, mostly used by corporations with large networks).
Figure B
Figure C
Figure D
II. Interact: Observe, Control, and Curtain
Once the client has been authenticated in the console, the systems administrator will be able to execute tasks, including Remote Desktop on the specified machine. Highlight the device you wish to connect to and select the appropriate level of connection you wish to make: Observe, Control, or Curtain. Observe allows the admin to only view what the locally logged-on user is doing on-screen (Figure G).Figure G
Control allows the admin access to the desktop.
Control is similar to Observe, except the admin now has access to physically control the desktop over the network. This access type is, by default, shared between the end user physically at the machine and the admin remoting in (Figure H).Figure H
Curtain hides the desktop altogether from the end user.
Lastly, there's Curtain access. Curtain offers all of the benefits of Control except that it a) allows only the admin to control the computer, effectively disabling the end user from manipulating anything on-screen; b) more importantly, Curtain hides the desktop altogether from the end user in a private mode, hiding whatever task the admin chooses to perform. A small message will appear on-screen for the end-user to know that his/her desktop is currently being used for administrative purposes ( Figure I).Figure I
Message shows that the desktop is being used.
III. Interact: Send Message and Chat
Another interesting feature is ability to send single or network-broadcast type messages to the nodes communicating with the ARD console. These one-off messages are meant to get a short message -- or text, if you will -- to users on your network. They can serve to warn those working that equipment may be offline for scheduled maintenance or possibly to ask someone to manually power on a machine that's close to them but across campus for the systems administrator. The Message feature is a one-to-many message and one-way -- from admin to end users ( Figure J).Figure J
The Send message feature.
Conversely, the Chat feature will allow the admin to actively participate in a real-time chat session with a user (or group of users), with two-way communication between the parties involved. This is extremely useful in an enterprise or educational setting, as it allows for the administrator or technician to provide individualized assistance to an end user. When used in conjunction with the Observe tool above, the administrator can see what the end user is seeing and may be able to directly communicate a solution and/or enable Control access in order to resolve any issues on the fly. This is personalization of service on a level that few applications provide ( Figure K).Figure K
The Chat feature.
IV. Interact: Lock and Unlock Screen
The Lock and Unlock Screen commands are identical to the Curtain access feature detailed above in section II. By enabling Lock Screen, it effectively prevents access to the computer by any users until the Unlock command has been executed to restore user access. While not used often in a corporate setting, this is a boon for anyone in the educational sector. Some educators really appreciate the ability to restrict access to students until the lesson has concluded and it's time to work on the computer.Even in the enterprise, it still serves a unique purpose by locking access to a machine that may be in the course of receiving an OS-level upgrade. This gives the deploying admin peace of mind that an end user cannot cancel the upgrade mid-way or otherwise perform a task that may destabilize the computing environment until the upgrade has been successfully completed. There are also security practices that dictate a machine must be left operational after an attack until a security professional has been able to fully complete the forensics examination, which may provide valuable clues as to the nature of the attack or breach ( Figure L).
Figure L
The Lock and Unlock Screen.
V. Interact: Spotlight search
Spotlight, as anyone familiar with OS X/iOS will know, is the feature that indexes the file system and allows for searching of just about any documents on a computer instantaneously. Built in to ARD is a Spotlight Search hook that allows for searching of hard drives for clients connected to the console. The goal of this feature is two-fold: First, it aids the systems administrator in finding files/folders and allows them to be opened, copied, or deleted all from the push of a button. This helps in retrieving data or deleted certain configuration files that are outdated or to be updated later on via push. Secondly, it allows for unprecedented support of end users who may not be as tech-savvy or familiar with OS X. This tool offers user support for finding lost files, types of documents, or even retrieving files off one node and copying them over the network to another node with little administrative overhead ( Figure M).Figure M
Spotlight Search.
So there you have it. Apple Remote Desktop is a remote administration and end-user support and assistance tool that utilizes a breadth of technologies and helps leverage the power of OS X and the local area network to perform tasks from one console station that impacts the entire organization.From one to 1,000 -- the possibility of one or two systems administrators managing the corporate landscape of network-connected devices is not only very much a reality, but it won't wear out your sneakers, flash drives, or patience in the process.
~ Jesus Vigo
0 comments:
Post a Comment