ARD Administrative Access Using Directory Services

ARD Administrative Access Using Directory Services

You can also grant Apple Remote Desktop (ARD) administrative access without enabling any local users at all by enabling group-based authorization. When you use specially named groups from your Directory Services master domain, you don't have to add users and passwords to the client computers for ARD access.

When Directory Services authorization is enabled on a client, the user name and password you supply when you authenticate to the computer is checked in the directory. If the name belongs to one of the ARD access groups, you are granted the access privileges assigned to the group.

You must create groups in the Directory Services master domain named "ard_admin" and "ard_reports". The groups have the following management privileges:

Privilege ard_admin ard_reports

Generate reports
X

X

Open and quit applications
X

Change settings
X

Copy items
X

Delete and replace items
X

Send messages
X

Restart and shut down
X

Control
X

Observe
X

Show being observed
X

Privilege	ard_admin	ard_reports
Generate reports	X	X
Open and quit applications	X
Change settings	X
Copy items	X
Delete and replace items	X
Send messages	X
Restart and shut down	X
Control	X
Observe	X
Show being observed	X