Posts Tagged ‘ard’

Enroll Existing 10.8 Machines In Profile Manager (or another MDM) Using Apple Remote Desktop

Thursday, October 17th, 2013

Since we can now do less and less with MCX, we need to rely on Profile Manager for user and machine-specific management inside of OD. This is very easy if you are re-imaging all of your machines (using automated enrollment with Deploy Studio), but what about environments that have upgraded to 10.8 organically? Or if you’re attempting to manage machines that are already in use? If you’ve got ARD or SSH access, you’re in luck, as you can very easily push an Enrollment Profile that will automatically enroll the machine at the next reboot. This is done by manipulating files in /private/var/db/ConfigurationProfiles/Setup/. You can build a set of tasks in ARD to perform the following tasks.

First, we want to rm /private/var/db/ConfigurationProfiles/Setup/.profileSetupDone. At startup, OS X looks for this file and if not found, it will load any profiles found in the containing Setup folder. Make sure this command is run as root.


Secondly, we need to actually copy the Enrollment Profile (and Trust Profile if needed) into /private/var/db/ConfigurationProfiles/Setup/. The profiles are loaded in alphabetical order, so make sure the names of the files will ensure that the Trust Profile runs first, or the Enrollment Profile will fail if you have not properly signed your configuration profiles. A good test to see if you need to send the Trust Profile as well is to install the Enrollment Profile you downloaded manually on a fresh test system – if it installs without error, you’re OK to use just that. If you get an error about needing a Trust Profile, either adjust your settings in to properly sign the Enrollment Profile in server, or install the Trust Profile on the machines as well.


Note: You don’t have to install two profiles using most 3rd party MDM solutions, such as Casper, FileWave, etc.

It is important that we get the correct Enrollment Profile to load onto our target machines – you can’t simply log into and use the profile that results from the “Enroll” link – this is a per-device file.  We need to get our Enrollment Profile from the admin page ( Once logged in, click the “+” in the bottom left corner and select “Enrollment Profile”.


Configure the profile as shown below and then download.


You can also download the Trust Profile from the same screen if needed.


Once you’ve deleted the .profileSetupDone file and loaded the appropriate profiles, the machines will self-enroll at next reboot (or if you’re a heartless admin, you can force a reboot via ARD). You can now enjoy device management via Profile Manager!

Spin passwords using Apple Remote Desktop

Monday, February 18th, 2013

We routinely need to change our administrative passwords on multiple computers as part of our security policy. Since we already have remote access to many of our Mac OS X computers through Apple Remote Desktop (ARD), changing that administrator password is quick and simple.

First, a short shell script:

# Change an account's password

/usr/bin/dscl . passwd /Users/$ACCOUNT $PASSWORD

if [ $? = 0 ] ; then
echo "Password reset."
echo "Password not reset."

In ARD, click the Send UNIX Command button and paste the script into the top field. Choose to run this command as a specific user and specify root.

Send UNIX Command

From the Template drop down menu in the upper right corner select Save as Template… and save these settings with a descriptive name such as Spin ladmin password.

Save as template

To use and reuse this template, select the workstations with the old account password and click the Send UNIX Command button in ARD’s toolbar. Choose the Spin ladmin password template from the Template drop down menu. Adjust the account name and password accordingly in the script and then click the Send button.

ARD can spin dozens or hundreds of account passwords in just a few seconds without having to know the original.

Migrating the Apple Remote Desktop Database

Thursday, January 13th, 2011

Whenever dealing with data migrations, is always important to get a good handle on what data you need to transfer, and the purpose that it serves toward the operation of the program: some elements may be more important to you than others. In the case of Remote Desktop, there are a number of different data stores that you’ll want to be aware of:

  • /Library/Preferences/ – This file contains system-wide preferences, primarily serialization information, which is system-specific (so you’ll need to serialize on the new system using the original serial number).
  • /var/db/RemoteManagement – This database and set of caches contains the Remote Desktop Client database used by client reporting.
  • ~/Library/Application Support/Remote Desktop  – This folder is used to store your command presets (including Unix Send Command templates), your task history, and task manager settings and actions.
  • ~/Library/Preferences/ – This file contains the bulk of the Remote Desktop application experience, including the entire computer database, computer lists, scanners, and last but not least, access credentials for all computers in the database.

Once we have an understanding of the data stores utilized by ARD, it’s fairly trivial to transfer the admin database. Assume in the following example that we want to migrate our ARD database from our local computer instance, to a new computer connected via Firewire disk mode and mounted at /Volumes/NewMac. For most cases, all we really have copy over is the main user preference file ~/Library/Preferences/

cd /Volumes/NewMac/Users/username
cp -p ~/Library/Preferences/ Library/Preferences/

If you have any stored command templates, or want to preserve your task history, copy over the Application Support folder:

cp -pR ~/Library/Application\ Support/Remote\ Desktop/  Library/Application\ Support/Remote\ Desktop/

If your ARD install is collecting reports, you’ll likely want to copy those over as well. Because this database is root-owned, we’ll need to use sudo to copy it:

sudo cp -pR /var/db/RemoteManagement/ /Volumes/NewMac/var/db/RemoteManagement/

That’s it! It’s probably a good idea to restart for good measure, but for the basic ARD admin application, a relaunch should get you up and running with the new database.

[ DNS ] Setting hostnames based on PTR

Friday, August 29th, 2008

Xsan 2 will use the hostname to connect to a client, normally this is set correctly but due to some caching issues I had to manually set this via ARD the other day. Enjoy the quick code:

scutil --set HostName "$(host $(ifconfig en0 |

awk '/inet /{ print $2;exit}') |

awk '{print $NF;exit}' |

sed 's/.$//g')"

If would you like to contact me with comments or inaccuracies about this article, feel free

Using cmpindex4 to Fix Kerio Status and Index Files

Friday, May 9th, 2008

This is a BASH(shell) script deployed on a few select client systems, it is not installed by default. To use it you must upload the script to the server using any method available such as ARD’s copy command, scp/sftp or as a last resort cut and paste via ARD (if the ARD UDP ports have not been opened on the host).
If you do cut and past to recreate the file, make sure to use a command line editor such as nano or vi ( or just use TextEdit with (Format ->Make Plain text Selected). The scripts creator suggests you place it in the mailstore directory (which could need to be done as root) i.e.
sudo cp ~/Desktop/cmpindex* /usr/local/kerio/mailserver/store/mail/
chmod +x usr/local/kerio/mailserver/store/mail/cmpindex*

Once installed the general use is fairly simple, the script does a line count on any index.fld (or status.fld ) file passed to it, i.e:
sudo /usr/local/kerio/mailserver/store/mail/cmpindex4 /path/to/mailserver/store/mail/

Alternatively using the preferred method you can use find command in conjunction with the cmpindex to search for all index.fld files in the mailstore, while this takes longer , it will yield a more complete fix for all index and status files having issues.
sudo -s
cd /usr/local/kerio/mailserver/store/mail/
find . -name index.fld -exec ./cmpindex4 {} \;

The scripts behavior is to compare the line numbers in the index.fld and status files and either correct the mistakes in size by recreating the file ( in the case of the status files ) or to rename the index.fld to index.bad automatically(which is picked up by the built in kerio reindex tool ) . The script will output the names of the files affected.The script uses the BASH shell, and thus will be default only work on *nix and Mac OS X Systems, however you can use it under cygwin on windows with the following commands installed sed,rm,touch,mv,perl,awk,grep. The script was created by a Kerio engineer and could use some rewriting but is generally solid.

Starting (and restarting) Retrospect Clients From the Command Line

Monday, March 10th, 2008

Port scan the system to see if port 497 is up. Send Unix Command(this very often does not work for me) : exec SystemStarter stop RetroClient # then exec SystemStarter start RetroClient

If the above fails, enable SSH by sending the command via Send Unix: systemsetup -setremotelogin on

Open up a new terminal window and ssh into the system: ssh 318admin@

Run the following to start the retrospect startup item: sudo /Library/StartupItems/RetroClient/RetroClient

if that does not work you can try to manually run the daemon in the foreground: sudo /Applications/Retrospect\

This last command is only helpful for debugging as the client will exit as soon as you close the window. however you can open up multiple (ssh) terminal windows to view the logs on while you manually start and stop the service.

tail -f /var/log/retroclient.log tail -f /var/log/system.log

Create Mobile Accounts From Local Accounts in 10.4 and 10.5

Sunday, March 2nd, 2008

This setup can be performed locally or remotely via Apple Remote Desktop 1. Have the user change the local password to the network password via the System preferences, if this step is skipped , add the Keychain minder application as a login item.

2 . Login as the 318admin account ( Create if necessary ) Do not use Fast User Switch!

3 . Verify the Bind for the system to Open or Active Directory

4 . Survey the existing home directory permissions viewing them numerically:

ls –lnd /Users/anna

# drwxr-xr-x+ 38 505 505 1292 Feb 29 14:36 anna

In this example 505 is the local users UID 5 . Obtain the UID of the local user:

id –u anna

# 505

6. Obtain the UID of the network user ,in this example the network username and local username are the same, the steps are the same if they are different

6.1 When using Active Directory Note “WALLCITY” is the NT STYLE DOMAIN for

id –u ‘WALLCITY\anna’

# 138809240

6.2 When using Open Directory: Note is the Open Directory Server that the client is bound to.

dscl /LDAPv3/ -read /Users/anna uidNumber

# uidNumber: 1035

Note the UID discovered for both the local user and the network user

7. Delete the local user account reference If configuring remotely via ARD, lock the screen before performing this step, so that the user cannot accidentally login during the process.

dscl . -delete /users/anna

8. Change the ownership (recursively) numerically using the network uid and the “staff” group in this example 138809240 is the AD network uid discovered on step 6.

chown -R 138809240:staff /Users/anna

9. Create the mobile account

9.1 For Leopard 10.5 Systems sudo /System/Library/CoreServices/ -n anna Note: NO line break above

9.2 For Tiger 10.4 Systems Note: MCXCacher-Uanna sudo /System/Library/CoreServices/ -U anna

10. Verify permissions where changed to network account numerically ls -lnd /Users/anna

# drwxr-xr-x+ 39 138809240 20 1326 Feb 29 16:04 /Users/anna

10.1 Verify uid->username resolution works (i.e. 138809240 equals anna or WALLCITY\anna and 20 equals staff as shown

ls -ld /Users/anna

# drwxr-xr-x+ 39 anna staff 1326 Feb 29 16:04 /Users/anna

Leopard: Get buttons from ARD for Screen Sharing

Wednesday, February 13th, 2008

Screen Sharing is a great enhancement to Leopard. The ability to control other Macs isn’t only available through third party applications any more. However, many administrators who are used to using Apple Remote Desktop will want some of the features they have become accustomed to, such as curtain mode, full screen, get clipboard, etc. So to obtain these features, the following command (all on one line) will unlock many of the buttons that have been disabled in Screen Sharing: defaults write \ 'NSToolbar Configuration ControlToolbar' -dict-add 'TB Item Identifiers' \ '(Scale,Control,Share,Curtain,Capture,FullScreen,GetClipboard,SendClipboard,Quality)'

Final Cut Issues On Intel Xserve’s

Wednesday, April 11th, 2007

This is the result of our testing of using Intel Xserve’s with Final Cut Pro:

Also, in my testing the final result of the Intel Xserve VGA boot is this:
-If you power it on without a monitor attached it will not open Final Cut.
-If you power it on with a monitor attached and remove it before opening Final Cut then it will not launch Final Cut.
-If you power it on with a monitor and open Final Cut then Final Cut will work until closed provided you leave the MiniVGA adapter plugged in. If you remove the MiniVGA adapter then Final Cut will crash.
-If you power it on with a monitor and open Final Cut, then remove the monitor and close Final Cut, Final Cut will not launch until it is rebooted without a monitor.

It comes down to whether the Quartz Extreme is initiated and/or running. Just an FYI on what I found in my testing of this.

serveradmin in OS X

Monday, November 20th, 2006

Mac OS X Server is a strange beast. It has the ability to cause you to
think it’s the greatest thing in the world in that you can do all kinds of
complicated stuff quickly through a nice GUI. It can also dismay many of us
who know where Unix-specifics live in the OS and would prefer to configure
things there. So, where are all those settings that override so many of
the default Unix configuration files? Serveradmin is a command that gives
access to much of what you see in Server Admin and much of what you don’t.

Serveradmin use starts out with viewing data on a specific service. For
example, type sudo serveradmin fullstatus vpn and see a full status on the
settings and use of the vpn service. Or issue an sudo serveradmin settings
ipfilter command and see the settings applied to the firewall service. To
see all of the services you can configure and view type sudo serveradmin
list. Then look at doing a serveradmin start afp followed by a serveradmin
stop afp. Suddenly you are stopping and starting services on a server using
the command line, meaning you can actually issue these over an SSH session
rather than having to use ARD to connect. This can become invaluable when a
bad firewall rule locks you out of the Server Admin tool. Just issue a
serveradmin stop ipfilter and you’re right back in!

You can also set settings that aren’t available in the GUI. For example,
look at VPN. Let’s customize where we put our logs. First, type in sudo
serveradmin settings vpn. Now, look for the following entry: = “/var/log/ppp/vpnd.log”

To change this setting, let’s type in:
Serveradmin settings =

Now the PPTP logs will be stored in a separate location than the logs for
the rest of the VPN service. This couldn’t have been done using a
configuration file, but only using the serveradmin command. Nifty!

Now let’s look at NAT. NAT is cool, but there’s just two buttons: Start and
Stop. So how would we require a proxy for Internet traffic? How about
Serveradmin settings nat:proxy_only = yes

Or we could log denied access attempts using:
nat:log_denied = no

These options aren’t available from the GUI at all. But what really happens
when we’re using these commands? Well, typically a plist file is being
updated. Any time you see a yes or no value then you are looking at a
boolean variable in a plist file. That log_denied variable is also stored
in /private/etc/nat/natd.plist in the lines:

Fun stuff! In my book I actually go into a little more detail about
forwarding specific ports to other IP addresses using the NAT service as
well. That too happens in a plist.

Running Software Updates Remotely Using ARD

Tuesday, February 28th, 2006

Setting up your server as a Software Update Server is recommended.

As long as SUS services has been enabled on the server, use the “Unix” button in ARD to trigger and install updates. Multiple computers supported as well.

Step One.
If the target machine has not been configured for root SUS send the following command.

defaults write CatalogURL “”
Select the user button and type root

Step Two
To list the updates available send the following unix command
softwareupdate –l
This will output to ARD a list of available updates for each machine selected.

Step Three
To install all updates rune the following unix command
softwareupdate -i –a
This will initiate a remote download and install of all available updates
ARD will show the progress of each machine.

To install a specific update send the following unix command.
softwareupdate –i SecUpd2007-002Univ-1.0

When updates are finished ARD output will tell you to restart immediately. It is recommended you restart at this time. Use the restart command under the manage menu.

Using Defaults in OS X

Monday, November 21st, 2005

The defaults terminal command in MacOS X allows you to add/change settings for applications which use the system’s standard XML based preferences file format.

A perfect example of this is adding items to the Dock for a user. Just copy and paste the following commands into a Terminal window (in this example, we’re adding TextEdit to the Dock; change the filepath to whatever application you want to add ):

$ defaults write persistent-apps -array-add ‘tile-datafile-data_CFURLString/Applications/TextEdit.app_CFURLStringType0

$ killall Dock

As with any UNIX command, you can extend this into ARD by using the Send UNIX Command. This allows you to make changes to the dock for multiple users at the same time.

5 Tips and Tricks with Apple Remote Desktop

Tuesday, September 27th, 2005


1. Create a new user on remote machines.
There are several ways to create new users across multiple machines with ARD, including running niutil. But because the Send UNIX Command is not interactive, there is no way to enter a password when prompted unless you know more advanced Unix syntax.

My preferred method is to create an ARD installer package (you can even specify an account with no ARD privileges to just create a generic user without ARD rights), and then use the Install Package command on the client machine(s). If you need that user to have admin rights on his/her machine (the ARD package installer creates a standard, non-admin user by default), you can run the UNIX command after you have installed the package (be sure to run it as root):

niutil -appendprop / /groups/admin users newusername

2. Remove a user from remote machines.
It’s as easy as running two UNIX commands as root from ARD (be careful, these commands are case sensitive):

niutil -destroy . /users/deletedusername
rm -rf /Users/deletedusername

Be careful not to delete the user account that your ARD admin machine is using for ARD access!

3. Figure out who needs which updates.
Let’s say you have a large group of computers that need updating, but you have no idea which machines need which updates. You can send a UNIX command to all selected computers simultaneously to get a look at who needs updating:

10.2 clients:

10.3 & 10.4 clients:
softwareupdate –-list

Software Update will launch as a background process on the selected machines, without requiring any action by the user (and without their even knowing it). Once their systems have checked with the Software Update server for the latest updates, you will see the results of your query in a separate window.

4. Force clients to get current via Software Update.
Tired of pushing patch after patch using the Install Package command? You can force client machines to run their own Software Update locally by sending a UNIX command (this must be run as root to work properly):

10.3 & 10.4 clients:
softwareupdate –-install –-all

Software Update will launch as a background process on the selected machines, without requiring any action by the user. Mac OS X 10.3 clients will retrieve their updates from Apple, so be mindful of sudden bandwidth constraints for your LAN if you try this during a busy time on a lot of machines simultaneously. But if your 10.4 Server and Clients are configured for Software Update services, the client machines will retrieve their updates from the cached packages on the server, saving you significant bandwidth resources and time.

10.2′s version of softwareupdate doesn’t have a man page, so I still haven’t figured out how to tell Jaguar systems to update everything to the current version. My workaround was to first get a list of all eligible updates (see item 3 above), then use the command:

softwareupdate –-install [list each update individually]

Be careful to not leave client systems in an unstable state. When the softwareupdate application is done installing an update that requires a restart, it will be indicated on the status window’s output screen.

5. Export and Import computer lists.
Unfortunately, there is no way to move the entire collection of Computers and Lists from one ARD Admin machine to another (that is, without moving the entire POSTGRESQL database, ARD .plist files, and ARD Keychain items). It’s less complicated just to export the list(s) of your choosing and import to the other machine.

Select a list and choose File > Export Window; you can now save the contents of the window to a text file. On the other ARD Admin machine, you can create a new Scanner, choose File Import, and drag-and-drop the text file into the Scanner window. You can then add those items to the Master List (or any other list you are managing).

I didn’t mention the software auditing capabilities of ARD: you can get a
full report of all software installed on the remote machine(s), and do a
search across multiple machines for a single app (you know, in case you
can’t remember which of your 50 macs you downloaded that special application

You can also rename machines, tell groups of Macs to quit all apps and log
out and/or restart/shutdown, perform hard drive and network diagnostics,
clone a hard drive (local to remote: appears to be a remote ghosting

Using VNC to Connect Heterogenous OSs to ARD

Sunday, September 1st, 2002

Due to the number of VNC distributions it is not possible to cover all of them. This section is meant to introduce you to the basic concepts of running VNC on the Windows platform so you can use any of the applications you find that have the features you need.

Ultr@VNC is open source and offers enough of the same options available to Mac users to establish a connection between ARD and Ultr@VNC. To install Ultr@VNC:
1. Download Ultr@VNC Server from the Ultr@VNC website at
2. Open the file from your desktop.
3. Select your language and click OK.
4. At the welcome screen click Next.
5. Accept the license agreement and click Next.
6. Read the Manual or click Next.
7. Select where the software should be installed and click Next.
8. Select whether to install the VNC Server, the VNC Viewer and the DSM Encryption Plugin for AES compatibility (see Figure 7.x) and click Next.

Figure 7.x

9. Type a name for Ultr@VNC to have in the Start Menu folder of your system and click Next. If you would prefer not to have Ultr@VNC icons placed in your Start Menu, select the box for Don’t create a Start Menu folder.
10. Select any other additional tasks you would like to have run by the installer such as Starting the UltraVNC service, registering UltraVNC as a service, configuring the Admin Properties and adding icons to the desktop (see Figure 7.x) and click Next.

Figure 7.x

11. Click Install.
12. Now you should see the Ultr@VNC icon in your Windows System Tray. If you do not you can open Ultr@VNC from your start menu.

Connecting to Ultr@VNC from ARD
The default settings of VNC are not compatible with accepting ARD clients because there is no password. Before we can establish a connection from ARD we will need to assign the password for ARD. To do this, Right-click on the Ultr@VNC icon in the system tray and click on Admin Properties (see figure 7.x). Type in a password in the password dialog, change any of the other settings to suit your needs and click Apply.

Figure 7.x

Other Solutions for VNC
VNC can also be installed on Windows CE using the commercial application PocketVNC or the open source application VNCViewer for PocketPC.

SynCE can be used to remotely administer Windows CE devices using Mac OS X, provided that you are using the latest version. You will also need to be using the Mac OS X Developer Tools as well as the libiconv and libpoll libraries, which can be obtained using Fink.

PalmVNC 2 can be used to remotely administer VNC from a Palm OS driven device such as a Tungsten or Treo.

Tip: Check out the Mac OS X Specific portion of the website for further configuration changes that may need to be made in order to get this open source package to function with Mac OS X.

Another great product is KVM-over-IP, offered by Adder Technology and RealVNC. This piece of hardware allows you to connect your Keyboard, Video and Mouse for Windows and Linux systems into a hardware device and control up to 16 systems remotely. The product is not cheap, but does offer very advanced capabilities.

Controlling Macs with VNC
Controlling a Mac using the VNC software from a Windows system is a little different than house ARD to ARD connections work.

Becaue the authentication scheme is the main difference between other distributions of VNC and ARD, it is important to prepare a Mac running ARD for the upcoming connections initiated from Windows and Linux distrubutions of VNC. To do this:
1. On the target Mac open System Preferences.
2. Click on the Sharing Preference Pane.
3. Click on Apple Remote Desktop (see figure 7.x).

Figure 7.x

4. Click on the button for Access Privileges.
5. Enable the option for VNC viewers may control screen with password and enter a password for administration from other platforms (see figure 7.x).
6. Click OK.
7. Close the System Preferences window.

Figure 7.x
Installing VNC Viewer on Windows
When you are using VNC to connect to a Mac you can download and install either the TightVNC or RealVNC version of VNC Viewer. For this example, we will be using RealVNC’s VNC Viewer. If you already installed the VNC Server earlier in this section you will probably not need to do this, but we will cover it just in case.

1. Download the VNC Viewer application from
2. Double-click the software to run it for the first time.
3. Type the IP address of the target Mac in the Server field (see figure 7.x).

Figure 7.x

4. Typically users leave the encryption option as Let Server Choose. Changing this can be tricky. If you have no changes, click OK.
5. Type the password set on the target and click OK (see figure 7.x).

Figure 7.x

Once your Mac systems have been prepared to be controlled from a VNC session, download the client application for Tight VNC or

Tip: Right-Clicking on the top bar of the VNC window will give an administrator the ability to send keystrokes to the target, initiate a second connection, view information about the connection, refresh the screen and swtich to full screen.
Managing Linux Systems using VNC
Most Linux distrobutions come with a VNC client built into the X-Windowing system they are running. If you are not running an X-Windowing system such as Gnome or KDE then chances are you will have no reason to be running VNC as you are already establishing connectivity using SSH or some other command line utility.

If you are running a distrobution of Linux that does not have VNC then you can install different versions based on the X-Windowing system you are running.

Enabling VNC from KDE

There are about as many versions of Linux and Unix as there were programers in the 1980’s. This makes it difficult to go through all of them. There are also multiple versions of the windowing systems. For this example we are going to setup a VNC Server to run on the KDE 3.2 X-Windowing system running on top of Novell’s SUSE LINUX 9 Enterprise.

To setup ARD to connect to VNC on Linux:
1. From the KDE Desktop, click on the Novell logo in the bottom of the screen.
2. Click on System.
3. Click on Remote Access.
4. Click on Desktop Sharing.
5. Click on the Configure… button.
6. Under the Access tab.
7. Enable the option for Allow uninvited connections (see figure 7.x).

Figure 7.x

8. Enable the option for Allow uninvited connections to control the desktop.
9. Enter a password to allow you to administer the system remotely.
10. Click on the Session tab and you will probably want to disable the background image in order to improve the performace of VNC.
11. Click Apply.

Figure 7.x SUSE in ARD

Connecting to VNC on Linux from ARD

Establishing a connection from ARD to VNC as it is installed in a KDE environment is done in much the same way as connecting from ARD to Ultr@VNC.

To establish a connection from ARD to VNC on KDE:
1. Open Remote Desktop from /Applications.
2. Click on Scanner.
3. Select Network Address as the type of scanner and enter the IP address of the Linux system you are establishing a connection with.
4. Press Enter.
5. Drag the system into the Master List.
6. At the prompt to enter a user name and password leave the user name field blank and enter the password you used in the Desktop Sharing configuration in SUSE.
7. Open the Master List.
8. Click on the Linux system you are controling.
9. Click on the icon for Take Control.
10. From the Linux system, accept the connection if you have the Confirm uninvited connections before accepting option checked.
11. If you had to confirm the connection then you may have to go back to ARD and reestablish the connection. Otherwise you should be looking at the desktop of your KDE session.