Remote Login (Specified User)

monaronyc
Contributor

Hi Folks!

We need to remove a local admin account from the Remote Login screen and add a newly created local admin account. Having some trouble with the various terminal commands out there on the net to add this. We were able to remove the old. But not add the new. Anyone know why we can't get it to show up in the same box as the Administrators is in this screenshot? Is there a better command/script we should be using for Sierra? 10.12.5 maybe?

7 REPLIES 7

jhalvorson
Valued Contributor

Does the admin account have an ID below 500? Then typically it is hidden from view in most of the GUI boxes.

MAD0oM
Contributor

@monaronyc used this in the past:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers

Replace specifiedUsers with user and test.

easyedc
Valued Contributor II

For more info, and to get a little more control over what you're enabling, I used @rtrouton's great post here to build out a script to execute what we needed. There is a problem with some of the more recent versions of ARD not building that package properly, and I opened a ticket with AppleCare OS and they provided a workaround which was supposed to be patched into a later build of ARD. That fix was back in December, so it may be baked in by now.

monaronyc
Contributor

@jhalvorson Definitely not hidden. We used a recon package to create the new local admin account on the desktops. And we went back to look at the .pkg setup in Recon and hide management account is definitely not selected.

@MAD0oM Thanks for this. We get Unknown option: (the account name) and we checked the account on the test machine. Logged in with it as well. Nada. I added -users to the string and it seems to have gone through, but we still don't see it in the list. Any ideas?

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -Users -specifiedUsers

@easyedc We're using ARD 3.9 and that create client installer was removed. FIGURES!

Thanks guys!

CJeffery
New Contributor

I'm currently looking into doing this also.

@monaronyc Just noticed from the above that is referring to RemoteManagement and not RemoteLogin.

Is there a way to flush current users and setup from scratch?

CJeffery
New Contributor

Test at your own risk, but I've managed to do it in my environment pulling together snippets of info

sudo systemsetup -setremotelogin on   # even if already on, this also seems to reset it from all users to specific
sudo dseditgroup -o create -q com.apple.access_ssh   # this allows you to use the dseditgroup command
sudo dseditgroup -o edit -a test -t user com.apple.access_ssh   # this allows you to add a specific user; replace test with your user

Works for me.

Good luck

I next want to do the same principle for remote management to lock that down to specific users.
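
Added example, not part of any post in this thread: a sketch that reconciles the direct user members of com.apple.access_ssh (the group used in the post above) against a desired list of accounts, so stale entries are removed as well as new ones added. The function names and the `--apply` switch are made up for this example; `dscl . -read` and `dseditgroup -o edit -d` are standard macOS commands the thread itself does not use, and nested groups are left untouched.

```shell
#!/bin/sh
# Added example: reconcile the Remote Login (SSH) allow-list with a desired set of accounts.
GROUP="com.apple.access_ssh"   # access group named in the post above

# Turn `dscl . -read /Groups/<group> GroupMembership` output into one name per line.
# Prints nothing when the key is absent (the group has no direct user members).
parse_members() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Print the names that are in list $1 but not in list $2 (both newline-separated).
missing_from() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Print the required changes as "add <user>" / "remove <user>" lines.
plan_changes() {   # $1 = current members, $2 = desired members
    missing_from "$2" "$1" | sed 's/^/add /'
    missing_from "$1" "$2" | sed 's/^/remove /'
}

# Apply the plan on a Mac as root. Only runs when the script is called with --apply.
apply_plan() {   # $1 = desired members, newline-separated
    systemsetup -setremotelogin on
    dseditgroup -o create -q "$GROUP"
    current=$(parse_members "$(dscl . -read "/Groups/$GROUP" GroupMembership 2>/dev/null)")
    plan_changes "$current" "$1" | while read -r action user; do
        case "$action" in
            add)    dseditgroup -o edit -a "$user" -t user "$GROUP" ;;
            remove) dseditgroup -o edit -d "$user" -t user "$GROUP" ;;
        esac
    done
}

# Usage (hypothetical file name): sudo sh ssh_allowlist.sh --apply newadmin test
if [ "${1:-}" = "--apply" ]; then
    shift
    apply_plan "$(printf '%s\n' "$@")"
fi
```

Calling `plan_changes` on its own prints the pending additions and removals without changing anything, which is useful for auditing a machine before enforcing the list.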

jhalvorson
Valued Contributor

Here is the script I use to clear up the Remote Management settings:

#!/bin/sh

#screenSharing_Disable

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off

#uninstall all existing ARD Settings and prefs
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -quiet -uninstall -settings -prefs
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -quiet -restart -agent -console

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off

Here is the script I use to enable screen sharing for our jss management account, "JSSManagementAcct"

#!/bin/sh

#screenSharing_Enable

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers -restart -agent
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users JSSManagementAcct -access -on -privs -ControlObserve -ShowObserve -restart -agent

It's cobbled together from the following:
https://jamfnation.jamfsoftware.com/featureRequest.html?id=3585#responseChild10305
https://support.apple.com/en-us/HT201710