Apple Remote Desktop 2.2 User Manual

Chapter 2

Setting Up

39

ARD Administrative Access Using Directory Services

You can also grant Apple Remote Desktop administrative access without enabling any
local users at all by enabling group-based authorization. When you use specially named
groups from your Directory Services master domain, you don’t have to add users and
passwords to the client computers for ARD access.

When Directory Services authorization is enabled on a client, the user name and
password you supply when you authenticate to the computer is checked in the
directory. If the name belongs to one of the ARD access groups, you are granted the
access privileges assigned to the group.

You must create groups in the Directory Services master domain named “ard_admin”
and “ard_reports”. The groups have the following management privileges:

Enabling Directory Services Group Authorization

In order to enable group-based authorization for Apple Remote Desktop access, you
create the appropriate groups in your Directory Services’ master directory domain.

To complete this task, you need to be the Directory Services administrator and have
access to your organization’s users and groups server.

Copy items

Use these Manage menu and Server menu commands: Copy Items
and Install Package.

This item must be enabled in order to use the Upgrade Client
Software and Change Client Settings features.

Control

Use these Interact menu commands: Control, Share Screen, Lock
Screen.

This item must be enabled in order to use the Upgrade Client
Software and Change Client Settings features.

Select

To allow administrators to

Privilege

ard_admin

ard_reports

Generate reports

x

x

Open and quit applications

x

Change settings

x

Copy items

x

Delete and replace items

x

Send messages

x

Restart and shut down

x

Control

x

Observe

x

Show being observed

x