Installation manual
Chapter 5 Understanding and Controlling Access Privileges 73
<string>staff</string>
</array>
<key>ard_admin</key>
<array>
<string>my_admin_group</string>
</array>
<key>ard_reports</key>
<array>
</array>
</dict>
</dict>
</array>
</dict>
</dict>
</dict> </plist>
This example attribute denes four privileges, although any of them may be left out.
For more information about using Workgroup Manager, and Open Directory, see
Workgroup Manager Help and Server Admin Help.
Method #2 You can use predened local groups with names that correspond to the
privilege keys above: com.apple.local.ard_admin, com.apple.local.ard_interact, com.
apple.local.ard_manage, and com.apple.local.ard_reports. The corresponding privileges
are automatically assigned to these specially named groups.
Enabling Directory Services Group Authorization
In order to enable group-based authorization for Apple Remote Desktop access, you
create the appropriate groups in your Directory Services master directory domain.
To complete this task, you need to be the Directory Services administrator and have
access to your organization’s users and groups server.
To enable Apple Remote Desktop authorization by group:
1 Use one of the methods in the section “Creating Administrator Access Groups” to
create groups with Apple Remote Desktop access privileges assigned to them.
2 Add users to the groups.
3 Make sure the client computers to be administered are bound to your directory
system.
4 Set the clients to use directory authorization by using the Change Client Settings
feature or make a custom installer.
5 Choose to enable directory-based administration on the clients using Directory Utility
(in /Applications/Utilities/).