myrkridianrhapspody

Q: ARD Settings via Profile Manager

Hello all,

 

Trying to solve an issue here. At my current institution, all users are local admins. This means they can pretty much change anything on the machine, except that I have profile manager pushing settings to the machines which they cannot change. Thus, I was hoping to have all of the settings that I don't want them to be able to override coming from profile manager. This has worked pretty well, and I have found the "configure custom settings" option in Profile Manager to be super helpful here. On to my question: a small number of users turn off Remote Management in system preferences because they they don't like the idea that I can remote in to any machine. It isn't really up to them (as their admin it's kind of up to me) but at this point I haven't been able to stop them. I was really counting on the fact that I could configure a custom setting for the ARD agent that would prevent them from turning anything off. My searching however has caused me to conclude that the ONLY way to create settings for the ARDagent (other than from the GUI in System Preferences > Sharing) is to use the kickstart command via the command line. This just seems kind of impossible to me, as I would expect there to be a plist somewhere that contains this information that I can push out to all machines and lock in place. Wondering if anyone has any ideas on this. Thanks!

Posted on Oct 8, 2015 7:31 AM

Close

Q: ARD Settings via Profile Manager

  • All replies
  • Helpful answers

Previous Page 2
  • by Alan Ramos,

    Alan Ramos Alan Ramos Nov 16, 2015 11:59 AM in response to cdhw
    Level 1 (5 points)
    Nov 16, 2015 11:59 AM in response to cdhw

    I'm not budging on hiding scripts.  There is a clear need to manage the system by the department responsible for doing so here.  Stating or quoting policy is secondary to the goal of getting these computers managed. The script should be out of reach and preferably out of view of end users or they'll sudo rm -rf it off the hard drive.  If they're savvy enough to know what to look for an find it they'll remove it.

     

    I don't think I would waste my own time warning people not to push the big red button.  Put the button out of reach and behind lock and key- on your own authority to do so as IT.

Previous Page 2