Bigfix Remote Control deployment for macOS

Hi all,

I noticed the fixlet for remote control target for macOS come across about a month ago (unsure if this was available before) and have deployed it to my test group. I have two hangups that are making it a nonstarter at the moment. I’ve done quite a bit of searching and aside from rare bigfix documentation I haven’t found anyone who is successfully using this feature in production. I’d love to get this working for our helpdesk agents.

  1. The port used for our Windows TRC is 888. I was not around when this was implemented but I get the feeling it is non-standard among bigfix deployments. I cannot get TRC for Mac to work unless it is on port 8787 which appears to be standard config.

  2. Unless a user has logged in I cannot remote control the Mac. I think this is down to not having a launchdaemon available for the remote control target.app the way there is for the regular Bigfix client. I’ve tried making a .plist to launch the target at boot but have so far been unsuccessful. Admittedly my Mac knowledge is very limited.

Thanks,

10panxianshi

Is there anyone using TRC for MacOS successfully?

Hi 10panxianshi,
Sorry for the late answer.

The macOS Target has been released recently (March 2017) with the release 9.1.4 and this is probably why you are not finding so much information on this new feature.

I can confirm that the default port for macOS is 8787 instead of 888 and the reason is simple: in Linux and Unix only root can use the ports below 1024.

As you noticed the macOS target is an application and it runs in userspace with the permission of the logged on user or the user which opens the application. This ensures a better security level without limiting the target functionalities. Moreover the macOS target is currently supported in P2P only and not in Managed mode (it can’t be registered to an RC server).

Thanks for the response f.pezzotti. I was not aware of the port limitations in Linux/Unix, but that definitely explains the issue.

As far as the application running in the userspace I am surprised this is the case. My team’s biggest use of TRC is for accessing computers that are not necessarily logged in, and often when they are logged in there is the need to reboot/logout which would again fall into that limitation. That’s how we use it on Windows machines anyways. Perhaps this is more a limitation of Linux/Unix than anything and I’ll just have to settle for what I get.

The limitation I was referring to was about the port number. The Linux target doesn’t have such a limitation since it runs as root. If we allowed running the target as root on macOS too then it wouldn’t be any problem. For now we don’t have such capability by design. I don’t know exactly why it has been designed like this but this doesn’t mean that it won’t change in the future.

Ah, thanks for the clarification. I don’t have the target on any Linux boxes but good to know it’s a Mac limitation only.

It seems like the enforcement for ports < 1024 has been removed from macOS Mojave

https://news.ycombinator.com/item?id=18302380

I set the Target port to 888 on macOS Catalina and it’s working flawlessly.
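
The port behaviour discussed in this thread can be checked on a given machine before changing the Target port. The following is an added example, not part of the original posts and not BigFix code: it tries to bind ports 888 and 8787 as the current user and reports whether the low-port restriction applies. The function names and the choice of the wildcard address are assumptions made for the illustration.

```python
import errno
import os
import socket

PRIVILEGED_LIMIT = 1024  # traditional Unix rule: ports below this need root


def is_low_port(port):
    """True for ports in the traditionally root-only range (1-1023)."""
    return 0 < port < PRIVILEGED_LIMIT


def probe_bind(port, host=""):
    """Bind a TCP socket as the current user and release it immediately.

    host="" is the wildcard address (assumed here to be what a listening
    target uses). Returns 'ok', 'denied', 'in-use' or 'error:<ERRNO>'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except PermissionError:
            return "denied"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"
            return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    return "ok"


def verdict(port, result, euid):
    """Turn a probe result into a deployment decision for that port."""
    if result == "denied":
        return "needs root or a port >= 1024"
    if result == "in-use":
        return "port already taken, re-test after stopping the listener"
    if result == "ok" and is_low_port(port) and euid != 0:
        return "low port usable without root on this OS"
    return "usable" if result == "ok" else result


if __name__ == "__main__":
    euid = os.geteuid()
    for port in (888, 8787):  # the two ports discussed in the thread
        r = probe_bind(port)
        print(f"euid={euid} port={port}: {r} -> {verdict(port, r, euid)}")
```

Run it as the logged-on user the Target would run under, with the Target stopped, so that an "in-use" result is not caused by the Target itself.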