Screen Sharing/SSH and AD Groups

Question

Just wondering how everyone is handling their access lists for screen sharing and SSH.
I'm playing with this now and the script i'm using is as such:

#!/bin/sh
sudo systemsetup -setremotelogin on
sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

sudo dseditgroup -o create -q com.apple.access_ssh
sudo dseditgroup -o create -q com.apple.access_screensharing
sudo dseditgroup -o edit -a 'AD GROUP' -t group com.apple.access_ssh
sudo dseditgroup -o edit -a 'AD GROUP' -t group com.apple.access_screensharing

I've run this on a few test machines, all works OK and i confirm that my account (located in that AD group) exists in com.apple.access.ssh/screensharing.

However when trying to VNC onto one of these machines, it does not accept any credentials, even though my credentials exist in that group now? Maybe i've missed something out that someone can point out

Thanks!

millersc · Answer

I'm doing it this way prior via script.#Set VNC console defaultsudo defaults write /Library/Preferences/com.apple.RemoteManagement VNCAlwaysStartOnConsole -bool true# Set VNC Passwordsudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvncpw -vncpw PASSWORD -restart -agent# Reset Screen Sharing password and privs# Set ARD privs and users with these two lines. They MUST be separate lines!sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUserssudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users USERS_HERE -access -on -privs -all -restart -agent

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded