Skip navigation

Does Apple Remote Desktop need to be installed on the client computer?

7791 Views 16 Replies Latest reply: Feb 24, 2012 7:40 PM by zerofourtwo RSS
1 2 Previous Next
LOLuMad Level 1 Level 1 (0 points)
Currently Being Moderated
Feb 16, 2012 8:15 PM

I'm not an "power" Mac user and I'm new to Apple Remote Desktop. Does ARD need to be installed on the client computer in order for me to remotely connect to it via the internet from another mac (with ARD installed)?

Mac OS X (10.7.3)
  • Antonio Rocco Level 6 Level 6 (10,100 points)

    Hi

     

    No. The ARD Agent is installed as part of the OS. The ARD application is a 'special' administration application that can be used to administer (amongst other things) multiple computers.

     

    Judging by what you're saying you actually don't need ARD Admin for what you want. You could simply use the Screen Sharing App one end and remote access the client (the other end) by opening up the relevant port or ports (5900 & 3283) in the firewall and knowing the external IP address (the other end) and the internal IP address of the client (the other end).

     

    This works best if the remote site has a fixed external IP address. If you want to access multiple clients it's best you use a VPN. Alternatively you can VNC to a single remote client that has ARD Admin installed and use that to administer the other clients.

     

    You could also consider other ways of doing this? iChat, LogMeIn, TeamViewer etc.

     

    HTH?

     

    Tony

  • Antonio Rocco Level 6 Level 6 (10,100 points)

    Hi

     

    "For some reason, I can't get it to work/connect to over the internet."

     

    From my previous post:

     

    ". . . by opening up the relevant port or ports (5900 & 3283) in the firewall and knowing the external IP address (the other end) and the internal IP address of the client (the other end) . . ."

     

    Have you done this?

     

    Do you know the external IP address of the remote site? In other words the Public side of that site's Firewall.

     

    Do you know the internal IP addresses of clients you wish to control? In other words assigned IP addresses on the Private side of that site's Firewall.

     

    Once you know these two pieces of information and if you've configured the firewall appropriately, you will be able to control/access - and anything else you like - remote clients at that site.

     

    HTH?

     

    Tony

  • Gary Lydeen Level 1 Level 1 (15 points)

    I think the key point you need to look at, is using Port Forwarding on the remote firewall.

     

    It is certainly possible to access a remote computer through the internet using ARD.  ARD really is not geared to this task very well due to the fact, most enviroments are using a version of NAT known as PAT, (Port Address Translation). PAT allows many internal hosts to share a single external IP address.

     

    When trying to connect to the remote machine usign the external address of the firewall, unless Port Forwarding is configured, the firewall doesn't know what to do with the packet and simply drops it. (In effect doing what it's supposed to do).

     

    Using Port forwarding you can "MAP" the external address along with ports 5900 and 3283 to the internal address of that remote computer again using ports 5900 and 3283. This is a fairly simple configuration on most conumer firewalls. (I have done this so I know it works).

     

    As Antonio mentioned, a VPN is really the best method for using ARD through the internet.   Unfortunatnley with the way PAT works, you are pretty much limited to accessing only the one machine when using port forwarding. There are ways around that, but that gets fairly ugly to manage.

     

    I hope that helps.

     

    Gary

  • Antonio Rocco Level 6 Level 6 (10,100 points)

    Hi

     

    Your problem is going to be the external IP address. Your Parent's ISP will assign an external IP address dynamically - also known as DHCP. The problem with DHCP is the address assigned is liable to change on a regular basis. The only way you can ever know if it has changed is (a) when it fails to connect and (b) when you call your parents and ask them to check what IP address they are currently using.

     

    AFAIK all ISPs use DHCP for their Residential Broadband offering. Clearly it's better to ask them for a fixed IP address as this will not subject to change over time and therefore offers a much more reliable remote connection. AFAIK fixed external IP addresses are only available for Business Users and will obviously cost more.

     

    Ultimately you have to decide whether you want to foot the extra costs of a fixed IP address and the ease of use it offers or deal with a dynamically assigned one and the extra work involved in using it.

     

    HTH?

     

    Tony

  • zerofourtwo Level 1 Level 1 (0 points)

    Most ISPs these days do not change residential ip addresses at random periods anymore. In most cases your external IP address will not change unless the MAC address of the device directly connected to the modem changes (i.e. router, AP, firewall, computer, etc.) and even in that case the new device typically has to be connected for a certain amount of sustained time prior to a new IP being assigned. I agree that he more than likely has a dynamic IP address assigned but the interval at which it changes shouldn't be an issue. Even if the ip does change, a 2 sec check @ www.whatsmyip.com and an update to his ARD preferences would fix any connectivity issues, not much of a problem IMO.

     

    @LOLuMad

     

    The 10.x.x.x and 192.x.x.x are your internal IPs (ip address scheme designated by the router or AP) sent out to the connected computers via DHCP. 10.x.x.x is typically the IP address form for a Aiport Express/Extreme, and 192.x.x.x is typically the default address form for a Netgear, Linksys/Cisco, D-Link, Buffalo, Asus, etc.So in essence it could be either type just depends on how the router has been configured. If you open Network Utility from the /Applications/Utilties folder then select the interface which is connected to the router, for example if connected via wifi select Airport (SL) or Wi-Fi (Lion) from there it will tell you that computer's internal IP address assigned by the router. Alternatively you can also open Terminal from /Applications/Utilties and type in "ifconfig" (w/o qoutations) and look at the "inet" address under the appropriate interface which will also provide you with the same information.

     

    If you plan to connect to this computer internally (on the same network) then you will need to input the local IP into ARD, although if you have the correct sharing preferences turned on, on the target computer it should automatically show up on the list under all computers without having to manually add it to the list. If you plan on connecting to the computer remotely then you will have to add the computer via ip address and input the external ip address not the internal. Assuming you have already forwarded the appropriate ports both 5900 and 3283 using the internal IP address for that computer. Hope it helps!

     

    -Brandon

  • zerofourtwo Level 1 Level 1 (0 points)

    Can you explain the steps that you take to "add" the remote client computer?

  • zerofourtwo Level 1 Level 1 (0 points)

    I believe that all Macs SL and newer have a passive ARD agent that allows you to connect to a target computer that does not have the ARD app installed. But remote management preferences have to be "on" within the sharing menu. Question..Are you trying to connect to the mac mini via external ip while connected to the same network? If so you will be unable to do so, assuming ports are setup correctly. ARD does not let you connect to a computer on your local network via the public ip, i believe this is a NAT issue, but haven't experimented enough to know for sure the cause.

     

    When connecting to a computer on your local network make sure to view the local list by selecting "Scanner" from the main list on the left, then using the drop down menu to the right select "Local Network". When connecting to a computer externally (different network) you can just hit "All computers" from the main list on the left.

    When you want to add the Mac mini select "All Computers" from the left window, then select the "+" button at the bottom of the right window, from there you can input the external IP address of the Mac mini or any other target machine you need to connect to. Also when providing User Name and Password make sure to use the User Name and Password of the Account holder that is logged into that machine.

     

     

     

    When configuring the Netgear router make sure that you have two TCP/UDP entries for the Mac mini's internal ip address. One TCP/UDP port forward entry for the 3283 port using the assigned internal IP address for the Mac mini, and a completely seperate TCP/UDP port forward entry (same ip) but with port 5900 just make sure to title it with a different name. Netgear routers don't like two seperate entries under the same name(Name it whatever you like) Also i recommend if available on your router is to setup IP Address Reservation for the Mac Mini. This is done via Netgear interface typically under "Lan Setup". That way the internal IP address for the Mac mini does not change when being rebooted/disconnected from the network. If reservation is not an option with your Netgear Router you can manually input an IP address on the Mac Mini by going to "Network Preferences"-> "Advanced" -> "TCP/IP", then change "Using DHCP" to "Manually". Just make sure to select an IP address that will not conflict with another machine that will recieve an IP via DHCP, for instance 192.168.1.200 or 10.0.1.200. Otherwise if the internal IP is not static your router will forward the ports you opened to the wrong computer once the IP changes. Just make sure whatever IP you elect to reserve for the Mac mini,you change the IP address under port forwarding to match.

     

    I hope i explained this clearly, i have yet to have coffee so forgive my grammer/punctuation (lack thereof). Also screenshot included on how your ports should look. Granted some of the options will be different but you will see what i mean by having two different port forward entries. screenshot.jpg

  • zerofourtwo Level 1 Level 1 (0 points)

    Just to make sure sure everything is setup correctly..

     

    1. The internal IP of the Mac mini matches that of the ip in the port forward setup (10.0.0.22) Check via Utility-> Network Utility-> Info.

    2. The Ports 3283, and 5900 are both open for the same internal ip address.

     

    3. Confirmed that the Mac Mini is in fact running the specific static address you elected (Network Utility under Utilties)

     

    4. Turned on Remote Management under Sharing Preferences (I also keep File Sharing turned on)

    Also i remove all users from each sharing resource except the main user. For instance, "File Sharing" on my wife's Macbook Pro has only one authorized user, her with her system password. That way if someone was to try and connect remotely to her system they would need to either know her password or recieve it from her.

     

    5. Go to "Preferences -> Security -> Firewall, and make sure it's turned off, at least during your troubleshooting. Mac's only allow you to define applications from the firewall menu, so if you do not have ARD installed on the MAC mini, but do have the Firewall on it may be what's causing your communication issues, just a thought.

     

    The only other thing that is coming to mind right now, is turn off the "Disable Port Scan" security feature of your router, then while on the local network using your Mac go to Utilities -> Network Utility, then select "Port Scan" and input the internal IP Address of the Mac mini (10.0.0.22) uncheck the box "Only test ports between" leave it blank so that it checks all ports.

     

    What you should see is your ports that you forwarded (3283 and 5900) assuming your router allows you to disable port scanning. If the ports are for whatever reason not getting opened you can turn apply DMZ to that address from within the router confing and then check for communication. The only other significant difference i can think of between your setup and mine is that you only have ARD running on one side, whereas i have it installed on my target machine. You could open up the App Store and login in as yourself and download the ARD App onto the Mac mini for free in hopes that, that may clear up some issue that has gone unseen.

     

    HTH

     

    -Brandon

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.