Enabling directory services group authorization, Apple remote desktop guest access – Apple Remote Desktop 3.1 User Manual

Page 66


Chapter 5

Understanding and Controlling Access Privileges

Method #2
You can create groups with special names that correspond to the privilege keys
above: ard_admin, ard_reports, ard_manage, and ard_interact. The corresponding
privileges are automatically assigned to these specially named groups. If you have
already created these groups for use with Apple Remote Desktop 2, they will continue
to work as expected with Apple Remote Desktop 3.

Enabling Directory Services Group Authorization

In order to enable group-based authorization for Apple Remote Desktop access, you
create the appropriate groups in your Directory Services master directory domain.

To complete this task, you need to be the Directory Services administrator and have
access to your organization’s users and groups server.

To enable Apple Remote Desktop authorization by group:

1. Use one of the methods in the section “Creating Administrator Access Groups” to create groups with Apple Remote Desktop access privileges assigned to them.
2. Add users to the groups.
3. Make sure the client computers to be administered are bound to your directory system.
4. Set the clients to use directory authorization by using the Change Client Settings feature or make a custom installer.
5. Choose to enable directory-based administration on the clients using Directory Access found in /Applications/Utilities/.
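
Because the group names ard_admin, ard_reports, ard_manage, and ard_interact carry privileges automatically, membership in them is worth auditing. The script below is an added example, not part of the Apple manual: it compares a membership dump of those four groups against an approved list and prints every member that is not approved. The dump format (one "group: member member ..." line per group), the user names and the allowlist are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit membership of the specially named ARD groups.

# The four group names the manual says receive privileges automatically.
ARD_GROUPS="ard_admin ard_reports ard_manage ard_interact"

# Constructed sample dump (assumed format: "group: member member ...").
SAMPLE_MEMBERSHIP='ard_admin: alice bob
ard_reports: carol
ard_manage: alice mallory
ard_interact: dave
staff: alice bob carol dave mallory'

# Hypothetical allowlist of approved "group:user" pairs.
SAMPLE_ALLOWLIST='ard_admin:alice
ard_reports:carol
ard_manage:alice
ard_interact:dave'

# audit_ard_groups MEMBERSHIP ALLOWLIST
# Prints one "group:user" line for each member of an ARD privilege group
# that has no matching allowlist entry. Prints nothing when all is approved.
audit_ard_groups() {
    membership=$1
    allowlist=$2
    for group in $ARD_GROUPS; do
        # Keep only this group's member list; unrelated groups are ignored.
        members=$(printf '%s\n' "$membership" |
            sed -n "s/^${group}:[[:space:]]*//p")
        for user in $members; do
            # Exact, fixed-string match so "al" never matches "alice".
            if ! printf '%s\n' "$allowlist" | grep -Fqx "${group}:${user}"; then
                printf '%s:%s\n' "$group" "$user"
            fi
        done
    done
    return 0
}

# Run against the constructed sample when executed directly.
audit_ard_groups "$SAMPLE_MEMBERSHIP" "$SAMPLE_ALLOWLIST"
```
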

Apple Remote Desktop Guest Access

You can configure an Apple Remote Desktop client to give temporary, one-time access
to an Apple Remote Desktop administrator who does not have a user name or
password for the client computer. Each time the Apple Remote Desktop administrator
would like to control the client computer, he or she must request permission from the
remote client’s user.

WARNING: Granting access to control a screen is the most powerful feature in Apple Remote Desktop, and can be equivalent to unrestricted access.
