Can you force ARD to ask permission before control/observing *AND* still be able to push updates/patches?
Is there a way to force ARD to ask permission before observing/controling a computer AND still be able to push updates/patches to the computer?
I know we can't be the only ones who have this dilemma so I'm hoping someone has a solution.
ARD version 3.
OS 10.6.8 (ARD machine) and 10.6-10.7 client Macs
Each remotely monitored computer has an admin account that ARD uses to inventory and update the machines. Let's call it ADMIN. Of course each computer also has a local (non-admin) account let's call USER.
When USER is logged in, we'd like ARD to always ask permission before observing and/or controlling the computer. We found we can replicate this by removing the ADMIN login and password from the info tab of the computer in question as well as turning on the 'Any guest may request permission' setting. Unfortunately we found this also removes the ability of ARD to start a chat session with the computer - even with the chat option checked on in ARD settings (system preferences). To push updates/patches we have to put the ADMIN account information back into computer info tab.
Basically it boils down to giving the end user the privacy they would like (not being viewed without warning) while they're logged in vs. allowing the IT department to update the computers when necessary.
With the ADMIN login and password entered into the computer's info tab we're able to observe/control without warning. We changed the client settings for that computer via ARD to always request permission but this didn't work while the ADMIN login and password were still entered in the info tab. Once we removed the information we were prompted to ask permission but that's because we were essentially an unknown guest.
It appears to be an either/or situation right now. Either you give the user privacy and always ask permission or you give the IT department the rights to observe a machine and push updates. Because once we put the ADMIN information back into the info tab, we can observe without permission again.
When USER is logged in, always ask permission to control/observe. But still be able to push updates. If ADMIN is logged in or no one is logged in, don't ask to control/observe.
Has anyone found a workable solution for this question?
Apple Remote Desktop-OTHER