In our environment the students have administrator privileges on their devices and some enterprising individuals have discovered that they can disable SSH and ARD access on their machines. I could just disable the Sharing preference pane but this way I can be sure that SSH and ARD are always running on the students device.
The way that we will ensure that SSH and ARD are enabled is by creating a launch daemon that runs every hour and executes a command to turn the services back on. The method explained below can be used to automate any commands or applications.
- Lingon – $5.99 in the Mac App Store (an app that allows you to easily create launch daemons)
** You can get away without using Lingon by using the attached files below if you wish
- Any tool to create PKG’s that allows you to run a postinstall script
I am using Composer from Jamf but any product will do
- A way to distubute the PKG – An MDM like Casper or even with ARD, you could also bake it into your imaging process
1. Open Lingon and click on New in the top left hand corner
2. Select /Library/LaunchDaemons/ and click on Create
3. We’ll create the LaunchDaemon that starts ARD first. Give the LaunchDaemon a name, a example would be: com.myorganisation.ard
4. In the What field enter the comman below. Note – you will need to change admin to the username of your management account
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent
5. Select how often you want the LaunchDaemon to run. I chose every hour but you could have it run once a day or once every few minutes if you wanted
6. Select the Enabled checkbox if it’s not selected already and then click on Save in the top left – You will be prompted for Administrator access to the local machine
7. Now we’ll create the LaunchDaemon to keep SSH running.
8. Give it a name as before and in the What field enter the command below
systemsetup -setremotelogin on
9. As before click on Save
10. Open your packaging program – I’ll be using Casper so my instructions will be for that workflow but it is pretty simple
11. The LaunchDaemons will have been saved to /Library/LaunchDaemons/ – open that folder and drag the new .plists into Composer
This is going to create a PKG that will install the two new .plists to the /Library/LaunchDaemons/ folder on the laptop
12. Expand the PKG in the left hand pane and create a new postinstall script
13. There are only two lines you need to add to the post intall script and they are to load the LaunchDaemons. Of course your script will need to reflect to correct name.
launchctl load /Library/LaunchDaemons/com.organisation.ssh.plist launchctl load /Library/LaunchDaemons/com.organisation.ard.plist
14. Now all you have to do is build and deploy the package to your environment
If you have any questions or comments you can tweet me @jacobcurulli