Currently Being ModeratedAug 23, 2012 7:23 AM (in response to ShiningTitan)
Sorry, but if they have the administrator privileges necessary to install most software and make other settings changes, there's no way to prevent them from turning off ARD. In earlier versions of Mac OS X, it was possible to create users with limited admin privileges, but that seems to be no longer possible since Apple dropped NetInfo.
Currently Being ModeratedAug 23, 2012 4:54 PM (in response to ShiningTitan)
I would not allow users to install stuff on organization owned equipment or change wireless, or fiddle with remote management settings, it's not theirs to fiddle with. You're in for a world of pain going in that direction imo.
if it was a BYOD environment that would be a different matter and you should not be responsible for users equipment.
have you thought about 2 copies of ARD one to act as task server
and OXS server to manage the clients, OSX server is a cheap investment
for all the features it includes, although it's worry the way Apple is removing things
none of my users have admin privileges all applications are tested, approved and installed by IT
and are managed by OSX server and ARD, so hopefull I know what;s going on on my network
Generally if you allow it, it will get abused somewhere either deliberatly or acidently and you'll be either spending time finding out what's been happening
or spending time fixing it, time that could be better spent elsewhere
I would say unmanaged clients with admin privileged users would be much more time consuming looking after it tthen deploying managed clients with standard privileged users
in a managed system staff can pick up a macbook and know it's going to work
in an unmangined system staff pick up a macbook and wonder if it's going to work
Currently Being ModeratedAug 30, 2012 7:33 PM (in response to ShiningTitan)
Sorry for the late replies. I've ended up resetting users passwords and installing ARD. I have set a .mobileconfig file off of apple server to limit the use of the "users & groups" prefpane and the "Sharing" prefpane, so they cannot disable remote management. I can check if the authentication has failed if they've used passwd to delete the user.
Thanks for the help