ShellShock Ard Agent - Altiris Agent

Hi All,
can ARD agent and Altiris agent be exploited using shellshock bug on an unpatched client?
Thanks,
Federico

To exploit ShellShock the atacker has to gain unauthorized access to your system in a way that involves bash being in the execution path.
For example a web server allows unauthorized users to access web pages, but for ShellShock the web server would need to provide server side CGI scripts, AND those CGI scripts would need to run bash scripts, or use bash to invoke the CGI script.
Or the Mac would have to allow anonymous ssh logins (for example, a GITHub source code control system distribution server).  Not many users do this, and those that do are rather knowledgeable software developers, or Unix administrators.
The final known vector is the Common Unix Printing System (CUPS) via the web interface, which on Mavericks is disabled by default, and would need to be enabled via a Terminal command line command with administrator authentication.
All of the above are unlikely for the typical Mac user.
And as far as I know ARD uses authentication to access the Mac clients. I would assume Altiris also requires authentication to access the Mac clients.  Otherwise those Mac clients have worse problems than ShellShock if fellow students could use ADR to access their classmate's systems.

Similar Messages

  • Big problem with ARD agent and versions.

    This is going to be a bit lengthy so please bear with me. At my company I'm in charge of our 6 production G5 computers. My boss has permitted me to install ARD on them so that I can run the specialty programs we have on one without having to walk all the way across the department time and time again. The computers are from varying times in terms of processor speed and RAM but they are all running the same OS with all the same updates. All were running the ARD 3.0 Agent as it was in an update from apple not too long ago. I have uninstalled the agent and used a custom client install pack from ARD 2.2.
    My computer is a dual 2GHz G5 and is the oldest of the 6. (here on referred to as Mac2) The other computer with problems is a dual 2.5GHz G5 and is called Mac7.
    Mac2 is supposed to have the admin program on it, and I can install it but the program fails to start because it was either installed wrong or the computer needs a restart. I had this same error on my laptop at home but that is a MBP which is Intel. To solve the problem on intel computers i've been told to remove the remote-management folder from core-services and let ARD reinstall it on launch. This has not worked for the G5 at work. Furthermore at one point i could get control of Mac2 remotely from another computer, but after trying to reinstall the admin program again I cannot do that anymore. Even if i reset all ARD software and use the custom client install .pkg again.
    As for Mac7, that computer was being run with the 3.0 agent on it and i could connect fine but couldn't lock the screen because of the mismatch. I did the exact same uninstall and reinstall of the ARD Agent that I did on the other computers and now I can't access that one either.
    At the very least I need to be able to control these two computers, and I would like to have the Admin software work on Mac2 if possible. I see no reason why these problems should be occurring.
    All systems are running 10.4.10 and have no third party remote software installed on them. On both Mac2 and 7 the ARD menu drop-down is showing as not active. All sharing preferences have been set right and there is no firewall. All accounts on both computers have been given all the rights possible for control.
    If anyone has any advice please reply to this.

    OK, I am still a bit confused - Mac2 is your computer, the one on which you want run the admin app to control other computers, correct? If ARD 2.2 will not start on that one, does it give an error message? I really suspect there are traces of 3.x agent causing the trouble, as I have had this problem myself. In essence, if you have version 2.2 admin, there is no reason to have 3.x agent for any reason whatsoever, it will just cause problems both on the admin and client side since Apple completely rewrote the way it works.
    And, based on the first paragraph of your initial inquiry, I wonder if ARD is worth the trouble anyway, since it seems you could accomplish what you need with a simple VNC viewer (my up and coming favorite is JollysFastVNC). If you can't connect with a simple VNC viewer, you also won't be able to use ARD, as it's an extension of the VNC protocol.
    However, if you want to make this work, let's work on Mac2 - follow the instructions at this page, down at the bottom: http://docs.info.apple.com/article.html?artnum=108021
    It says: "Mac OS X 10.2 clients" but it's also the correct procedure for a complete and clean removal in 10.3 and 10.4
    Then reinstall ARD 2.2 admin (you may have an earlier version installer, then install the admin updater). Don't mess with your custom client installer stuff. Just install the 2.2 admin app, and it will install the client it needs. I think this will make Mac2 work for you.

  • ARD agent keeps relaunching

    As discussed here: http://discussions.apple.com/thread.jspa?messageID=7866406
    ARDAgent keeps crashing with errors similar to these (I don't have access to that specific machine log at the moment, but this sample is similar to what i saw in the console of the affected machine)
    ~~~~~~~~~
    THIS IS NOT MY LOG -
    it is copied from link above - intended to be illustrative of the issue I am having - will post my log when possible - it is quite similar to this one but I can not give specific differences as the machine is not avaialble at this time
    ~~~~~~~~~
    "28/07/08 3:14:33 PM ARDAgent 2613 ******ARDAgent Ready******
    28/07/08 3:14:33 PM com.apple.RemoteDesktop.agent2613 LOG: database system was shut down at 2008-07-28 15:14:25 WST
    28/07/08 3:14:33 PM com.apple.RemoteDesktop.agent2613 LOG: checkpoint record is at 0/7C38D4
    28/07/08 3:14:33 PM com.apple.RemoteDesktop.agent2613 LOG: redo record is at 0/7C38D4; undo record is at 0/0; shutdown TRUE
    28/07/08 3:14:33 PM com.apple.RemoteDesktop.agent2613 LOG: next transaction id: 480; next oid: 16886
    28/07/08 3:14:33 PM com.apple.RemoteDesktop.agent2613 LOG: database system is ready
    28/07/08 3:14:36 PM ARDAgent 2613 Exiting because bind error is not EADDRINUSE.
    28/07/08 3:14:36 PM com.apple.launchd178 (com.apple.RemoteDesktop.agent2613) Stray process with PGID equal to this dead job: PID 2619 PPID 2617 rmdb
    28/07/08 3:14:36 PM com.apple.launchd178 (com.apple.RemoteDesktop.agent2613) Stray process with PGID equal to this dead job: PID 2617 PPID 2615 rmdb
    28/07/08 3:14:36 PM com.apple.launchd178 (com.apple.RemoteDesktop.agent2613) Stray process with PGID equal to this dead job: PID 2615 PPID 1 rmdb
    28/07/08 3:14:36 PM com.apple.launchd178 (com.apple.RemoteDesktop.agent2613) Stray process with PGID equal to this dead job: PID 2614 PPID 1 AppleVNCServer
    28/07/08 3:14:36 PM com.apple.launchd178 (com.apple.RemoteDesktop.agent) Throttling respawn: Will start in 7 seconds
    28/07/08 3:14:43 PM ARDAgent 2623 ******ARDAgent Launched******
    28/07/08 3:14:43 PM mDNSResponder31 Client application registered 2 identical instances of service sctxsvr01.net-assistant.udp.local. port 3283.
    28/07/08 3:14:43 PM ARDAgent 2623 TCP_ReadThread: bind failed with errno 48 and error: Address already in use
    28/07/08 3:14:43 PM ARDAgent 2623 ******ARDAgent Ready******
    ...And this keeps just going on round and round ....."
    The ARDAgent process launches shortly after login. Spirals to about 90% processor. Fails. Re-spawns. Repeat. Watched via TOP on an SSH link and saw it does not matter if there is an active ARD/VNC session. As suggested in the link above, running ARD specific tasks will tend to fail (unless they are QUICK) but the VNC session will run - very choppy but better than no GUI access.
    This malfunction slows the machine to a crawl eventually, making it hard to use for basic use of the MS Office Suite, Meeting Maker and Safari. (The machine has 40gB+ free space and 2GB ram. 1.7Ghz Core2Duo).
    The Window in my ARD session management gets broken - so regardless of choosing screen 1 or 2, i'll see both but at maybe 70% the "Both" size if I'd just left the setting to show both screens. Once the pulldown is toggled the remoe screen display is mangled as noted for the rest of the session.
    Deleted the malfunctioning account temp files in var/folders and renamed the library folder. Upon login I got a delayed login (presumably while the dock and other processes put their temp files back) and a fresh library folder. But no fix on the problem.
    the second account on the machine is not affected by these issues. ARDagent works normally if logged out of the "bad" account and into the "good" one.
    This user was Migration Assistant moved from 10.5.6 MacBook air to 10.5.6 MacBook. Only the user, not ADMIN account was migrated. Problems did not manifest immediately. Hard to say how long it took as this user does not promptly report problems. I last logged in about 30 days ago and all was fine.
    The issue correlates with TimeMachine failing to backup any longer several weeks ago. If you get enough activity on the machine when this process is misbehaving it basically freezes and requires a force reboot (not sure if shell access was still available when that occured as was away from the office and supporting via telephone). Not sure if time machine is now fixed but after moving the users data into the new account spotlight indexing completed normally and all looks stable in top/Activity Monitor.
    No new software appears to have been added to the machine between it working and not OUTSIDE OF standard Auto Updates to pre-existing software - Any Apple updates (besides 10.5.7 which is not installed) between March 1 and May 17 were run. As well as MS Office 2004 and 2008 updates. Camino updates. Firefox updates. The User Login items for the malfunctioning account only show Microsoft Office items.
    Cocktail was used to clear all system caches. Remove "malicious" files. And rebuild permissions. And to scan for 'corrupt plist files' to no avail.
    In any case - seems like there is some simple solution - sure seems like a bad user specific plist file or cache somewhere to remove. Abandoning the user account and recreating it is a painful fix...esp. when the machine is 3 time zones away!
    Any insight for a less dramatic and time consuming fix is apprecated. Will post my console report when possible.

    AFAIK, ARD's buried inside /System/Library/CoreServices/RemoteManagement/ and you could try removing it. Doesn't autolaunch here, but then I'm not on a network.

  • ARD Agent not running on Snow Leopard

    Hi. One of my servers which usually I could connect to remotely by ARD has stopped responding to ARD or VNC. it just shows up as an IP Address in the ARD Admin. I looked at processes on the server and ARDAGENT is not running. Tried reinstalling ARD client, removing ARD preferences files. Cant seem to sort it. Its a working server so cant just reinstall system on it.

    We experienced the same issue on an XServe after upgrading to 10.6.6 form 10.6.5. Weeks of searching the Internet turned up nothing, except other users experiencing the same problem. Finally got it working again by doing the following:
    1) Turn off Remote Management in System Preferences
    2) Remove /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent
    3) Re-Install Remote Desktop Client from the Apple Installer here: http://support.apple.com/kb/DL1350
    4) Enable Remote Management in System Preferences
    5) Reboot
    Step 5 probably is not required, but I wanted to make sure the service would run without intervention. I had some success before with running ARDAgent from the command line over ssh to get Remote Desktop working, but it really wasn't a good solution.
    Good luck, hope this helps.

  • Apple Remote Desktop Update w/o ARD

    Software Update pops up "Apple Remote Desktop Update 3.3.1" on both of our Macs. We do not have Apple Remote Desktop on either computer. I am in the habit of installing any update that shows up but this one is a puzzle. I guess it wouldn't hurt to click install since it wouldn't find anything to update. What goes?
    Bob

    In every Mac, there's a component called ARD Agent. What it does is that it allows your computer to be added onto a Apple Remote Desktop list. That update updates the agent because when Apple releases a software update for the real Apple Remote Desktop, the other components need to be up to date as well in order to work properly. I don't know if this is the correct explanation, but I guess this is roughly how it works.
    Message was edited by: I love my macbook!!!!

  • ARD crashes every few seconds

    I have recently noticed that I have an 11GB crash log for ARDAgent on a Panther server. When try to access the server over ARD I get a message saying that it is reconnecting every few seconds. ARD states the version as 3.1 and gives information about the server but it's status is VNC On. Which is strange because VNC access is switched off!
    I'm now deleting the crash log daily and ARD access is pretty unusable. I have all ARD options enabled except VNC, and there are no firewalls switched on between client and server.
    Other Macs on the network continue to work with ARD just fine.
    Any ideas?
    Chris.

    Now reolved, following the guidance from Brian Nesse in the thread "ARD Agent continually crashing".

  • Update of ARD "Info" Field  w/ Serial#

    Trolling through the forums I was able to find a true ARD gem. Placing the Serial # of a machine into one the the info fields of the sharing console.
    Below is a code snippet from Joel. D. Reid which is excellent on the 10.5.8 machines, but does not run on 10.4.11 (tiger) Can anyone offer a 10.4.11 solution that is similar?
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart -configure -computerinfo -set2 -2 "$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')" && sleep 2 && /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -restart -agent -console ;
    Any help would be much appreciated.

    Just have a couple thoughts. I've had better luck with using kickstart proper than defaults for changing ard info fields and actually having the agent recognize the change. Also, if you're able to get it to update via kickstart, you could just append that to your script. I routinely send the following via Send UNIX Command as root for at-a-glance access to the serial number:
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart -configure -computerinfo -set2 -2 "$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')" && sleep 2 && /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -restart -agent -console ;
    The 'sleep 2' was tacked in as sometimes kickstart apparently exits before it's actually done. The consecutive commands are appended using && rather than ; so the agent restart step isn't done unless the -setX -X one succeeds. Also note that if all works as planned, the ARD task never actually finishes as you're interrupting the remote ARD agent mid-stream; just wait for the clients to all return "Starting..." twice and then hit stop on that active task.
    In any case, you can change the -set2 -2 to choose an info field, then substitute in your Foo commands in place of "$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')"
    Hope that helps some. Let us know how you've made out.
    Cheers, Joel

  • Prevent ARD from quitting - auto relaunch ARD

    I have brought this up in the past and it didn't get answered.
    Now I may have stumbled onto a solution.
    We have chosen to allow our users to run their Macs as secondary administrators. Their account is not the first account that is created when a new Mac is registered, that is the IT account and we set the root password before deploying. We also configure ARD for our remote support purposes.
    Some 'clever' users have decided they can turn off ARD.
    We disagree. ARD is our decision and we want the tools to control ARD under the hood to make this happen without being subjected to SSH and the exact same problem.
    What I have come up with and plan to test, is a method of adjusting the startup of ARD to relaunch if for any reason it has quit, much like a Bind-named scenario. And there's a utility called LINGON that gives you access to mess with these settings.
    Comments or Suggestions?
    Any Mac OS X (10.4)
    Any   Mac OS X (10.4)  

    Using Lingon I created an entry in the System Daemons for 'com.apple.kickstart' to 'RunAtLoad.'
    Using the command line remarks for lauching kisckstart I created ProgramArgument entries for the following-each on a separate line:
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart
    -activate
    -configure
    -access
    -on
    -users admin
    -privs
    -all
    -restart
    -agent
    -menu
    Also, placed an entry in the service description field as 'kickstart'
    Now what I need is a reliable Miscellaneous calendar event or pid monitor to regenerate the Load.
    If we used a pid monitor I imagine we would need to edit something so that the ARD agent is launched and instructed to put a pid file in /var/run to be monitored?
    Looking for suggestions and comments - instruction.
    XServe G4

  • ARD 3.1 and ARD Not Active on Clients

    I have ARD 3.1 installed on a PPX X-serve running 10.4.8. The client I am managing are core duo minis also running version 3.1 and 10.4.8.
    Lately when ever I try to see the clients throuh ARD I get the message that ARD isn't active on the client or the client is offline.
    I tesetd this on site and ADR is enabled on all the clients and all had working ip connections.
    Any ideas where to start?
    Thanks,
    Eric

    Yea same here....our machines (250) can be sitting at the login windows and ARD is running and I can do pretty much anything with them that I want using ARD on them. Thats on a local network though....not using wireless, not that should matter though. Also using ARD 3.1.
    When you have users logging off at the clients ARD Agent or something with ARD shutsdown for a moment until the machine gets back to the login window and then the Agent should restart and be waiting for ARD like normal again.
    Thanks,
    Dan

  • Remote Desktop repeatedly installs ARD Client for standard users...

    ARD 3.2 running on OS 10.5.4 on MacBook Core2Duos...
    These are machines imaged from an asr disk image...
    No issues with admin users...
    Every time Remote Desktop is launched by a standard user, a admin user name / password is required and the Apple Remote Desktop Clint is reinstalled. After, ARD runs normally until it is quit and relaunched, even without a user logout...
    Making the standard user an admin user resolves the issue. The issue returns when the admin right are removed from the user...
    Have run permission repairs, removed and reinstalled Remote Desktop, manually checked permissions, etc...
    It appears that from the standard user perspective, the ARD Client software needs to be updated. ...
    Any ideas out there? I have to deploy these machines NOW and I am running out of ideas on this...
    Thank you! Les

    Dave,
    Thank you for the ideas. While you are pretty much correct in what you have said, these are unfortunately not my issue(s). I wish they were!
    1) ARD will run fine for a standard user (at least it did in Tiger) as long as it is properly setup and licensed by an admin user ahead of time (especially the entry of the license code). This I have done, and the license code is recognized just fine. I too thought of the promote / demote idea and have tried it. While promoted, it launches fine for the user, but upon demotion goes back to reinstalling the ARD Agent at each launch of the program (this install process does not run while the user is promoted)...
    2) The systems are from the same disk image. However, I have given system its own unique, valid, legally purchased serial number. Though the program is loaded on the image, it has been installed only. It is not run or licensed on the master, only on the end-user client machines...
    It appears to me that from the standard user perspective, the system thinks that the ARD Agent needs to be updated. I have verified with the PackageMaker SnapShot utility that the ARD Agent and its related files are being installed when this happens, and they appear to be the only thing being installed. The Remote Desktop Admin program itself seems to be fine.
    Does anybody know exactly what happens at the file system lever when Remote Desktop is launched? I am thinking my standard user is lacking access to a particular file or directory or right, and I am sure I could quickly find it if I new what to trace. Watching fs_usage has yielded lots of information, but nothing that has helped...
    I have also removed and reinstalled Remote Desktop to no avail. Disabled all ACLs on the file system, placed known-good receipts and run permission repairs, and forced chmod -R 777 down the path of everything I can find with the names Remote Desktop, ARD, etc...
    I am a little worried at this point that the issue is created by the imaging process something like the question marks in docks in the latter updates of 10.4. I have seen similar issues come up (launching apps under Rosetta being one) with users' LaunchServices property lists after moving their home directories from one volume to another, making the issue very hard to track down, as they reside in files that do not contain the name of the app being affected...
    Any further ideas would be much appreciated!
    Les

  • ARD 3 Task Server Access

    I have a server set up with ARD 3 to be used as a Task Server. I have the proper check boxes set in ARD Preferences to allow access to that box. I installed ARD application on my laptop and am trying to set it up to talk to the task server. I am being prompted for a name/password and for the life of me cant figure out what it wants.
    I tried ARD with the random password generated
    I tried my Local Admin account and password
    I tried the Servers Local Admin account and password
    Do I need to create a new user on the server for this task?
    I scoured the admin docs and have not seen any specific reference to task server in this capacity....HELP 8-)
    -Mike 
    PowerMac G5, Mackbook Pro, 20" iMac   Mac OS X (10.4.6)  

    I can verify that 2 distinct serial numbers do work 8-)...my other licenses came in today, I updated the Serial number on the server with the copy purchased for the server, and I installed another copy on my test admin machine using the one for myself, 2 distinct serial numbers....works as advertised, the only thing I needed to do was enter the name and password of an ARD user after picking the task server in the admin set-up.
    Works like a charm. My remaining question is. exactly what privs in ARD agent does an account need to have enabled to allow it to be used as an authentication account to activate an admin client to use that task server?
    -Mike

  • ARD Access denied, though correct username/password

    Good day everyone, I have a curveball for you all.
    I have a server that I need to connect to over the internet. VPN into the network, I can connect through server admin, ssh, but when I try to connect over ARD, it errors out, saying access is denied. I have disabled, renabled remote control, etc. Still wont accept the credentials, even though I use them for server admin and ssh, etc. Is there something I am missing?

    does it have the current version of the ARD agent?
    you can try reinstalling the latest update (http://www.apple.com/downloads/macosx/apple/application_updates/appleremotedeskt op332client.html).
    you should also ssh into the server and use kickstart to ensure the user in question has full access. some details are here: http://support.apple.com/kb/HT2370

  • ARD crashes Postgres on kickstart

    A running, working version of Postgres listening on port 5432 crashes when ARD (agent) is 'kickstart'ed.
    - Postgres version is 8.1.3.
    - ARD version is 3.0.
    - "kickstart" is run from the command line.
    - OS X version is 10.4.7.
    Sound familiar? Pointers, sympathy appreciated.

    Hi Matt,
    found a link to this thread on this site: Topic: ARD 2.2 is a mess... Scanner broken. It's a long one detailing the same problem.
    If you go to the last three or so entries, you'll find a solution to the problem.
    As far as I understand the scanning prob is caused by something going wrong with the DNS entry in the Network pane of the System Prefs. Scanning seems to rely on the entries here - probably it checks and uses the entries to guide its search.
    Without an entry you'll get the crash problem. With an entry it doesn't like you'll also get same. Success was achieved by placing a bogus DNS entry in the DNS pane instead of the one the scanner didn't like.
    I can only guess that if the scanner finds a completely inaccessible DNS in the pane it ignores the pane and continues without it. Perhaps with a certain kind of DNS entry - including no DNS entry - the scanner goes into an unrecoverable loop and the pin is pulled.
    This could perhaps explain the Bad Address being noted as the cause for the crash in your Crash Log.
    Regards,
    Peter C
    PowerBook 15" hi res   Mac OS X (10.4.5)   2 Gig RAM, 120 Gig HD

  • Live Update of ARD "Info" Fields ?

    Hello I am using a script to update the 4 "info" fields available in ARD like so:
    defaults write /Library/Preferences/com.apple.RemoteDesktop Text1 "Foo"
    My issue is that the update doesn't get reflected until one of two things happens:
    A. I restart ARD using kickstart.
    B. Open and Close the "Computer Settings" panel in the Remote Management pane of sharing.
    Doing one of these two things every time I update this field is going to be impractical.
    Is there an elegant way to nudge ARD into updating the "info" columns like the "Computer Settings" pane is able to do?
    Thanks in advance for any help.

    Just have a couple thoughts. I've had better luck with using kickstart proper than defaults for changing ard info fields and actually having the agent recognize the change. Also, if you're able to get it to update via kickstart, you could just append that to your script. I routinely send the following via Send UNIX Command as root for at-a-glance access to the serial number:
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart -configure -computerinfo -set2 -2 "$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')" && sleep 2 && /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -restart -agent -console ;
    The 'sleep 2' was tacked in as sometimes kickstart apparently exits before it's actually done. The consecutive commands are appended using && rather than ; so the agent restart step isn't done unless the -setX -X one succeeds. Also note that if all works as planned, the ARD task never actually finishes as you're interrupting the remote ARD agent mid-stream; just wait for the clients to all return "Starting..." twice and then hit stop on that active task.
    In any case, you can change the -set2 -2 to choose an info field, then substitute in your Foo commands in place of "$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')"
    Hope that helps some. Let us know how you've made out.
    Cheers, Joel

  • What I want to do with OSX Server this Summer...

    I would like to develop and deploy a number of services for my 10.4 server so I can better manage all the Mac machines within my control. First, though, here's a little about my topology. We are a Windows 2003 based enterprise where all services are delivered via Microsoft implementations. However, since we do have a large number of Macintosh computers, I have setup a 10.4 server to take care of centrally maintaining and backing up data/file systems. So far, I've got this server up and running for data backups, but there's so much more I want to accomplish:
    1) Configuring it as a Apple Software Update server
    2) Configuring it to update all 3rd-party client apps. such as Adobe CS 2, Quark, Stuffit, etc so that all Macs are using the same software versions
    3) Creating and distributing a centralized FONT repository
    4) Configuring it to run various routine maintenance scripts to optimize client machine's file system health (such as cache cleaning, Macaroni, prefs pruning, etc)
    Your suggestions and tips are greatly appreciated and if you can direct me to the proper documentation I would be really greatful.
    In review, I'm looking to setup and use my 10.4 server to update client machine software, synchronize 3rd-party app.s, run vital maintenance routines and installing a centralized FONT repository for better font managment and control.
    And finally, how does Apple Remote Desktop fit into this scenario? And where do I find it on server 10.4?
    Thanks,

    In order:
    >Configuring it as a Apple Software Update server
    1) Open Server Admin and connect to your server
    2) Select 'Software Update Server' and click start.
    You're now running your own software update server. It will automatically download updates from Apple and make them available to clients (you have some additional controls in Server Admin which you can play with).
    The other half of the equation is telling client systems to use this machine as their Software Update server rather than Apple. This might be a little tricker depending on where/how the users authenticate to the network. If you're using a directory server on the Mac you can just use Workgroup Manager -> account -> Preferences to set the user's Software Update Server.
    If your users authenticate against the Windows directory server, though, that won't work, so you'll need to change it for each user. To do that, run the command:
    <pre class=command> defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://your.server.address:8088/"</pre>
    on each user's workstation.
    >Configuring it to update all 3rd-party client apps. such as Adobe CS 2, Quark, Stuffit, etc so that all Macs are using the same software versions
    This is a little trickier to do since each application can have its own installation rules. Apple Remote Desktop can help here (can you manage application installations from one location), and is probably your best bet.
    >Creating and distributing a centralized FONT repository
    Fonts are not my strong point. I'll defer to others on the best way of managing fonts under OS X.
    >Configuring it to run various routine maintenance scripts to optimize client machine's file system health (such as cache cleaning, Macaroni, prefs pruning, etc)
    Apple Remote Desktop, without a doubt. You can run any command on any number of workstations on any schedule.
    The ARD agent is pre-installed in Mac OS X Server, but it's no use without the main admin app, which is an additional package you'll need to buy. Either the 10-user version for $299, or the unlimited user version for $499 (in both cases the user number refers to the number of workstations you can manage).

Maybe you are looking for

  • Pdf will not display correctly on iPhone or iPad

    I put together a monthly newsletter that is 20 to 30 pages long every month for my club using iWorks Pages. The newsletter contains graphics and text on every page, a mixture of jpgs & png files all in rgb as this is meant to be viewed and not printe

  • Reset my phone and now im locked out.. need help

    hi i bought a iphone 3g from amazon.com and i reset it to default and now it has locked me out. when i bought it the phone is was unlocked but now i cant even use it. is there a way to unlock it myself?

  • How... ?

    How to get the count of # of records affected after running the query? Right after running the update query, I need to update the activity table, with the # of rows got updated. Oracle 10g R2. Thank you, Smith

  • Sap Busness 1 trial version

    hello, i'm interested in trial/evalution copy of  Sap Busness 1. where it can be ordered/downloaded?.. thank you eithan

  • Premiere Pro CS5 will not install on a brand new PC

    I am trying to install CS5 on a brand new PC running Windows 8.1 Pro . The installer says that my computer does not meet the requirements to install Premiere and AfterEffects. However, I know that the hardware meets at least the minimum requirements.