Help

Reporting ARD status

Not applicable

Posted on ‎09-20-2010 10:01 AM

I see in the Resource Kit an excellent tool/script for enabling ARD on
a machine. What I'm looking for is a way to determine whether a user
has disabled ARD.

I see "Remote Login" as an option in the Extensions Attributes
templates, but my understanding has always been that "Remote Login"
refers to SSH, while "Remote Management" refers to ARD.

Does anyone have an Extension Attribute for gathering the ARD status
of machines?

I could, of course, create an "always-on" policy that constantly sets
ARD status on every machine during policy check-in using the
enableARD.sh script, but this is overkill and would strain the server
constantly. I just need to know who has ARD turned off.

Any ideas?

Thanks,

Damien Barrett
System Technician
Montclair Kimberley Academy
973-842-2812

0 Kudos
5 REPLIES 5

hkim
Contributor II

Posted on ‎04-04-2013 01:14 PM

Gonna bump this up, has anyone seen a way to gain a computer's ARD status? I'd love to be able to put that through an EA and then make the correct adjustments to those computers.

0 Kudos

pickerin
Contributor II

Posted on ‎04-04-2013 06:02 PM

Here's what I use:

Extension Attribute to Determine current ARD Status:

#!/bin/sh
mvar=$(ps ax | grep -c -i "[Aa]rdagent")
if [ $mvar -eq 1 ]; then
echo "<result>Running</result>"
else 
echo "<result>Not Running</result>"
fi

Extension Attribute for currently defined Admins for ARD:

#!/bin/sh

# Determines if the Remote Management settings are set
# for "All Users" or for "Only these users:" in System
# Preferences' Sharing preference pane

ARD_ALL_LOCAL=`/usr/bin/defaults read /Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsers`

# Lists all local user accounts on the Mac with a UID 
# of greater or equal to 500 and less than 1024. This 
# should exclude all system accounts and network accounts
# 
# List is displayed if the "All Users" setting is 
# set in the Remote Management settings.

ALL_ID500_PLUS_LOCAL_USERS=`/usr/bin/dscl . list /Users UniqueID | awk '$2 >= 500 && $2 < 1024 { print $1; }'`

# Lists all user accounts on the Mac that have been given
# explicit Remote Management rights. List is displayed if 
# the "Only these users:" setting is set in the Remote 
# Management settings.

REMOTE_MANAGEMENT_ENABLED_USERS=`/usr/bin/dscl . list /Users naprivs | awk '{print $1}'`


if [ "$ARD_ALL_LOCAL" = "1" ]; then
        result=$ALL_ID500_PLUS_LOCAL_USERS
elif [ "$ARD_ALL_LOCAL" = "0" ]; then
        result=$REMOTE_MANAGEMENT_ENABLED_USERS
fi

# Displays list of accounts that have 
# been given Remote Management rights

echo "<result>$result</result>"

I then have a policy that if either ARD is not running, or the admins are incorrect, I fix it. Runs once a day.

0 Kudos

chris_kemp
Contributor III

Posted on ‎04-04-2013 11:53 PM

@pickerin - thanks for sharing! I copied those into my system too - good information to have!

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎08-21-2013 10:45 AM

Oops wrong post.

0 Kudos

McGinn
Contributor

Posted on ‎10-13-2016 11:50 AM

Thanks for this I setup the I got the ARD extension attribute working but its not always reporting correct information.

I have some computers with ARD off even tho it extension attribute is reporting it on. Is their any way for force the extension attribute to update?

0 Kudos