Posted on 09-21-2021 07:58 AM
Hello,
I wanted to know if it was possible to add an AD group for Remote Desktop access for VNC remote.
I tried this type of script without success:
# First, create a Local group
sudo dscl . -create /Groups/ard_ad_groups
sudo dscl . -create /Groups/ard_ad_groups PrimaryGroupID "530"
sudo dscl . -create /Groups/ard_ad_groups Password "*"
sudo dscl . -create /Groups/ard_ad_groups RealName "ard_ad_groups"
sudo dscl . -create /Groups/ard_ad_groups GroupMembers ""
sudo dscl . -create /Groups/ard_ad_groups GroupMembership ""
# Nest the AD group you want to have ARD access to the ard_admin group you just created. This is done with the dseditgroup command:
sudo dseditgroup -o edit -a "DOMAIN\AD_GROUP" -t group ard_ad_groups
# Now that you have a local group with an AD group nested inside, you can give your group the necessary privileges via the ARD Kickstart command:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users ard_ad_groups -restart -agent
# Just to be safe we want to make sure access is only allowed for the Specified Users, again do this via the ARD Kickstart command:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
# The last step in this process is to set the ARD client options to allow directory logins, again do this via the ARD Kickstart command:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setdirlogins -dirlogins yes
Thank you for your help.