Mass-Upgrade ARD 3.9

Ricky
Contributor

Hello All,

What has been your procedure for upgrading all your machines to the new version of ARD (3.9)? I have tried utilizing the following, but am continuously told that there is no update available.

softwareupdate -d RemoteDesktopClient-3.9.0

Do our machines need to be logged into a valid AppleID to communicate properly with the App Store? That may be our biggest issue with teachers is that they simply don't want to link their personal ID to their work machine—expecting that to change when we rollout Apple Enterprise! But for the time being, this is not an option we can change.

I suppose my next step will be the deployment of Sierra 10.12.2. I see there are compatibility issues with Macs that are on anything less than 10.11.6—all the machines having issues are either on 10.11.5 or 10.11.6 with failure on both.

Should I just push out the .pkg that can be snagged from Apple?

1 ACCEPTED SOLUTION

rcorbin
Contributor II

After upgrading the application we did notice that most clients were showing a “Needs Upgrade” status. If you go into preferences and look under the security tab there is a new option to “Allow communications with older clients”. If you check that box, and then quit Remote Desktop and relaunch it that “Needs Upgrade” status goes away and it looks exactly like it did before. You can then control all machines until you eventually get all up to date clients. At that point you could uncheck that box again.  

View solution in original post

7 REPLIES 7

rcorbin
Contributor II

Is there an urgent need for you to mass upgrade ?

Ricky
Contributor

@rcorbin, yes I would say there is. We are a small IT Department (5 individuals) that need to service over 3500 machines across 15 different locations. The more we can control, upgrade, and troubleshoot remotely the better.

rcorbin
Contributor II

After upgrading the application we did notice that most clients were showing a “Needs Upgrade” status. If you go into preferences and look under the security tab there is a new option to “Allow communications with older clients”. If you check that box, and then quit Remote Desktop and relaunch it that “Needs Upgrade” status goes away and it looks exactly like it did before. You can then control all machines until you eventually get all up to date clients. At that point you could uncheck that box again.  

AVmcclint
Honored Contributor

I found that sometimes it may take a while before computers will see any software update right after they come out. What I did was to make a check-in policy to just run softwareupdate -d -a and then a subsequent command to install the update. HOWEVER, a more consistent method would be to download the pkg from here https://support.apple.com/kb/DL1909?locale=en_US and push it out to all Macs with a command to run after the installation to restart the kickstart process.

As far as the scope... instead of making an EA, I just added /System/Library/CoreServices/RemoteManagement to the Software Inventory collection. As Macs do their daily inventory they report the version of the ARDagent.app and I scope accordingly. One thing I discovered is if you have a Mac running El Capitan and install ARD agent 3.9, THEN at a later time upgrade to Sierra, the ARD agent will get downgraded and you'll have to upgrade the agent again.

ncottle
New Contributor III

@Ricky @rcorbin We were in the exact same boat. Shop of 4 techs with 5100 machines. We found the option that rcorbin suggested, clicked it and haven't looked back. Everything runs great now. Actually had less issues with my machine upgraded and the others that aren't. Hopefully that works for you.

gskibum
Contributor III

A positive side effect of checking on the “Allow communications with older clients” box was that it greatly sped up the amount of time it takes to open a remote window. Before I checked that box it took a very long time to open a window on a remote system, if it was even successful at all. This problem was for all versions of the OS, regardless of being eligible for the 3.9 client.

donmontalvo
Esteemed Contributor III

Apple's KB HT207526 covers enabling that box.

Can be set/managed using defaults or Config Profile, accompanying the Jamf policy, although I wonder if the "less secure" mantra means there are new security capability in 3.9 that wasn't there for older versions, making the warning only relevant to 3.9 clients. The key would be ignored if its not expected by older versions of ARD to be there:

/usr/bin/defaults write /Library/Preferences/com.apple.RemoteManagement allowInsecureDH -bool TRUE

An EA to determine major.minor version of Apple Remote Desktop, if installed, or report NotInstalled if not installed:

#!/bin/sh
if [ -d /Applications/Remote Desktop.app ]; then
    echo "<result>$( defaults read /Applications/Remote Desktop.app/Contents/version.plist CFBundleVersion | cut -f1-2 -d"." )</result>"
else
    echo "<result>NotInstalled</result>"
fi

Then a Smart Computer Group (SmCG) to scope to anyone who has Apple Remote Desktop 3.9x (the whole range 3.9 through 3.9.9 since it only looks at the major.minor parts of the version) installed:

516061a64c1740eca81da2de2e68043d

Leveraging semantic versioning using granular Extension Attributes gives you a much greater level of scoping control than using built in fuzzy logic where more precise logic isn't available.

That's what we do, right...control stuff? :D

--
https://donmontalvo.com