Enable administrator access groups

Path

Computer Configuration > Policies > Centrify Settings > Mac OS X Settings > Remote Management > Enable administrator access groups

Description

Allow all users who are members of the following Apple Remote Desktop administrator groups to access this computer using Apple Remote Desktop.

Before enabling this group policy, you should create each Active Directory security group you intend to use and add a UNIX profile for each group to the zone, using the exact UNIX group names (ard_admin, ard_reports, ard_manage, ard_interact).

Note:   Creating UNIX profiles with these group names displays a warning message because the names are longer than 8 characters. You can safely ignore this warning message.

Enabling this policy allows users in the following groups to manage Mac computers through Apple Remote Desktop:

  • ard_admin gives all members of the group the ability to remotely control the computer desktop.
  • ard_reports gives all members of the group the ability to remotely generate reports on the computer.
  • ard_manage gives all members of the group the ability to manage the computer using Apple Remote Desktop. Users in this group can perform the following tasks by using Apple Remote Desktop:
    • Generate reports

    • Open and quit applications

    • Change settings

    • Copy Items

    • Delete and replace items

    • Send text messages

    • Restart and shut down

  • ard_interact gives all members of the group the ability to interactively observe or control the computer using Apple Remote Desktop.

    Users in this group can perform the following tasks by using Apple Remote Desktop:

    • Send text messages

    • Observe

    • Control

This policy can take effect dynamically at the next group policy refresh interval without rebooting the computer.

See Setting up local and remote administrative privileges for information on how to use this group policy with the Map zone groups to local admin group policy to enable both local and remote administrative access for the same group of users.