Apple Remote Desktop - anyone use it?

Discussion in 'Apple Desktop Hardware/Software' started by Zee, Nov 8, 2018.

  1. Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    Is it any good? Currently deploying a bunch of Macs for the GF’s company, and wanting to know if this is a reasonable alternative to someonething like TeamViewer.

    Don’t really have the appetite to cough up thousands a year for maybe 10 remote logins a year.

    Other good alternatives? VNC variations, I guess?

    Z...
     
  2. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    I told Teamviewer to stick it after it became obvious they spy in order to determine whether your usage is corporate or not, I refuse to pay their ridiculous licensing. I now use AnyDesk and haven't had a single issue with the free version, best of all it supports Linux, macOS and Windows.
     
    Zee likes this.
  3. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    Sweet - I'll give it a shot. Thanks for that.

    Z...
     
    flu!d likes this.
  4. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    No worries my friend, I did a lot of research before deciding to use AnyDesk and it hasn't let me down yet. One of my considerations was that the remote access software had to support all platforms, it even supports Android and I assume iOS.
     
  5. [KEi]SoVeReIgN

    [KEi]SoVeReIgN Member

    Joined:
    Feb 20, 2002
    Messages:
    8,137
    Location:
    Sydney
    No one should really be using ARD in production.. No takeover notification to the user, no prompts to the user, no access control, no logging, no accountability and scarily most people seem to run it in unencrypted mode.
    You can poorly implement some features with some custom scripting, but overall it’s horrible from a security/compliance perspective
     
    Zee likes this.
  6. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    Thanks again for this one, mate. Just tried it in a desperate situation from the airport to try and get something sorted out back at the office.

    It was really smooth and worked brilliantly. Having phone/tablet apps for ios and android mean I can bail out the office at pretty much a moments notice.

    Thanks again!

    Z...
     
    flu!d likes this.
  7. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    No problem my friend! I do the exact same thing all the time, works great with dual monitors also.
     
    Zee likes this.
  8. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    33,854
    Location:
    Brisbane
    Apple Remote Desktop is VNC. You just need a VNC client that supports the encryption/authentication extensions Apple use.

    Under Linux, I can connect to it with Remmina. There's a handful of VNC clients for Windows that support it (I forget which, but Google should assist you).

    I loathe TeamViewer for a bunch of reasons (very poor history with security). Apple Remote Desktop can be controlled by most corporate management software, tools like Puppet, and Apple's own Server management tools. It's quite competent and default. I'd stick with that unless you have a serious reason not to.

    I'm genuinely not sure what the defaults are, but we roll it out so that only corporate admins (AD bound) can connect to it, it's encrypted, and all authentication is logged and timestamped like any logon (local, SSH, ARD all logged to the same place). That's all controlled by Puppet in our environment.

    No user notification is certainly a worry outside of the corporate environment, but our users are told to assume anything on a work-provided screen is considered property of the business, so privacy issues are moot in our limited circumstance.
     
    Zee likes this.
  9. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    Our staff sign their contracts with full knowledge that they are monitored - it’s written into it.

    We’ve had too much time and bandwidth wasted on FB/insta/etc. crap.

    Thabks for the info on this, too.

    Z...
     
  10. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    33,854
    Location:
    Brisbane
    Fairly standard in most businesses. That's been in my contract in every job I've had since the late 90s.

    We provide free WiFi to staff and clients if they need to do personal things, and anyone is welcome to use that from a personal device if they want privacy.
     
  11. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    I've never had enough physical time to simply 'surf the web and screw with social Media' as an employee at work.

    Working for myself is a different matter, but only after all the work's done and dusted.
     
  12. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    Hiring staff - more fun in the Philippines!

    Z...
     
    flu!d likes this.
  13. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    Thanks Zee. I'll keep it in mind but honestly I think my days as an employee are over. I don't make as much money working for myself as I was in my previous role as an employee, but I just find it so much more rewarding and as a result I'm just so much happier.

    Plus it wasn't good when my GP told me my resting heart rate was 120BPM....
     
  14. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    I agree - I much prefer self employment.

    Though I meant hiring local staff for the company we have in the Philippines (bit of a piss take of the "It's more fun in the Philippines" advertising campaign). The locals have had a shit of a time over the last 400 odd years, resulting in a very interesting work ethic...

    Z...
     
    flu!d likes this.
  15. [KEi]SoVeReIgN

    [KEi]SoVeReIgN Member

    Joined:
    Feb 20, 2002
    Messages:
    8,137
    Location:
    Sydney
    Great, but none of that exists out of the box, like I said.

    Also good luck with “work provided screen = we can literally watch everything you do” - I don’t think that’s been properly tested in court, it’s a much bigger deal than watching company carriage/communications. Every remote control implementation I’ve ever worked on in a corporate envinronment has required user sign off. (From 100 devices to 50,000+)
     
  16. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    33,854
    Location:
    Brisbane
    OP is doing this for a company rollout, which is why I explained how mine works, and what I do in a company environment. If people are using it for home, they should consider themselves adequately forewarned.

    Mandated by my management and HR. Not an IT problem, so I do what I'm told.

    It's been the same story for the last half dozen businesses I've worked for. My guess is you've probably got something similar buried in your own work contract (maybe in not as many words, however we have a combination of screen, camera and electronic/logging/text/email surveillance capabilities that all staff are informed of). Regardless, not my problem, nor an IT department problem. It's a HR/management thing, like anything personnel / privacy / legislation related. I am nothing but the blunt instrument of the business.

    I've worked in 2 environments where screen monitoring was not allowed, and in both circumstances they were single business unit exceptions, not business wide. Both fell under exceptional security remits governed by upstream compliance.

    But by the numbers they were the exceptions, and the rest of the business used standard remote access tools, some of which notified the user, some of which didn't, none of which was ever seen as an issue of contention that I saw (doesn't mean it didn't happen). But again, had anyone had issue with it, IT would have redirected those people to HR, because it's a people problem, not a technology problem. If HR/management orders us to change the software for privacy reasons, we'd do as we were instructed.
     
    Zee likes this.
  17. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    11,921
    I've worked at businesses where a VPN is configured along with an RDP connection allowing workers to access their terminal from home in order to work when away from the office, it's actually quite a widely utilized feature of Windows servers - And I hate Windows servers, yet I have to say the feature works quite well.

    As long as the RDP or VNC port isn't forwarded to the outside world, I don't really see much of a problem.
     
    Zee likes this.
  18. aokman

    aokman Member

    Joined:
    Jul 12, 2001
    Messages:
    12,337
    Location:
    Melbourne
    I use Screenconnect and never had any issues with macs :)
     
    Zee likes this.
  19. OP
    OP
    Zee

    Zee Member

    Joined:
    Oct 27, 2002
    Messages:
    9,865
    Location:
    SYD/MNL/SIN/SFO
    And yet, we found two staff members today watching movies on VLC, and downloading torrents, on company PC’s, and company time.

    We discovered this because their productivity dramatically dropped by over 50%, and management were all like “WTF?”.

    Z...
     
    Last edited: Nov 14, 2018 at 12:40 PM
  20. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    33,854
    Location:
    Brisbane
    Again, not an IT problem. It might be up to us to put the technology in to monitor these things, but ultimately we are not judge, jury and executioner. Those roles belong to management and HR.

    BUT

    Human behaviour sits on a bell curve. Whether it's intellectual capacity or social behaviour. You'll have a small percentage at the top of fiercely loyal employees who do anything for the company, and the majority in the middle that just do what's required in return for a paycheque, abiding by the rules. Then you'll have a small percentage at the bottom who have an entitled viewpoint on life, and think they can do whatever they want with no repercussions.

    Important to remember that they are a very small minority. It's easy to blow it out of proportion, because at humans we're bad at judging risk (we tend to over-inflate things that are unusual or annoying as a self-protection mechanism - it's why people are afraid of flying in aeroplanes, despite it being objectively thousands of times safer than driving in cars. Ditto for the world's fear of "terrorists", who by the numbers kill a million times fewer people than legally owned firearm accidents).

    You will *always* have these people in businesses, but they will *always* be the minority. Little you can do about it, other than put in policies so that when it comes time to firing them, you've got a legal leg to stand on.

    But again, none of that is a technology problem. It's at the discretion of HR and management to deal with that.

    Where I work, we have HR/management mandated policies that require logging and blocking of things like torrents and certain streaming services. Most people on that bottom end of the social behaviour spectrum give up pretty quickly when they figure out it's blocked (as they're typically pretty lazy too), and the problem largely goes away. For those that don't, management can, at any time, request a report detailing what activity comes from a given user/machine. It's rare to be asked for that, but it does happen once in a blue moon. Typically by that stage there's little doubt as to what's going on, and often it's other business-facing issues (performance drops, complaints from staff) that has led to that point.

    The vast majority of staff never witness or experience any of that, nor are concerned with the monitoring in place. Especially in 2018 if you want to goof off on Facebook on your lunch break, your personal phone and 4G connection allows you to do that in "privacy" (ironic, considering the lack of privacy most social media offers). Those who choose to do it on company time and resources aren't typically the brightest sorts.
     

Share This Page