Jamf Nation Community

Well, yes and no. Logging in as that local admin is going to take control of the screen, which is what I'm trying to avoid doing.

I'm trying to do some ninja moves behind the scenes. I only need to execute one terminal command - it seems silly to interrupt the user for 30 seconds to do that.

So, the user is logged into the Mac using your local admin account? Or are they logged into their own different account? If its the latter, logging into Screen sharing under an account that is not currently in control of the screen won't interrupt the user. It creates an additional log-in session that the other user does not see.

But, backing up a moment, why not SSH into the Macs if all you need to do is a couple of quick Terminal commands? Or even jus use Casper Remote to send the commands directly to the Macs with the Run Command field? We do this a lot (SSH) and it makes much more sense if you actually don't need access to the GUI.

ok so the only account on the computer is the user account, which is the admin account.

there are no other accounts to log in to screen sharing that would not be in use.

I don't think remotely executing the command will work - in this case, the command requires administrator authentication. I think it will be unable to execute because it will quick back an authentication argument - at least that has previously been my experience when trying to perform the same thing with ARD.

When you use Run Command from Casper Remote, its running the command as root, so it should not require any authentication. It already knows the Casper management account password and escalates its own privileges. That's how Casper Suite does its stuff, by running things in a root context so it doesn't get stopped up by things that would normally require someone to type in a password, such as installing software.

As for ARD, its possible to do the same thing, but you need to make sure the command is also being run as root (its a radio button choice when doing Send Unix Command if I recall correctly). It just uses whatever account password you're using to manage the systems in ARD.

Ok, cool. I'm going to give it a try.

Two options, When you log in as the screen sharing account you can then log out and log in as an admin account and it should still remain behind the scenes (as long as another user is still logged in).

Or in terminal just type

login

then your admin name and password. Then it uses your admin name and password for all commands.

Gabe Shackney
Princeton Public Schools

Yea, I've seen this and know what you're talking about. @gshackney 's solution is workable. Yet, like @mm2270 said the casperscreensharing user has a totally randomized password that you cannot utilize reasonably while logged in, in that manner. You could use the users own admin credentials if you needed to run something as an admin (changing a system pref or the like). However, I must really, strongly recommend you figure out a way to start using a separate JAMF management account. Actually, a lot of folks here tend to agree that there should be at least three accounts. 1) The JAMF Management account, Hidden with SSH privileges, 2) A local admin account for IT use and 3) the User account, either admin or not based on your situation/policies etc.

Regardless, your question in specific really depends on what you are trying to do within the 'casperscreensharing' user.

@InsigniamLLC Casper Remote commands will run as root on the target mac, so there should be no with prompt.

It should act the same as a "Send UNIX command" in ARD with the user set as root.

You know... I went to check this out today and I'm having issues logging into a system using casperscreensharing. Weird, I'm going to have to sort that out.

@bentoms this is true for commands, packages and other such items managed via the main Casper Remote window. However, when you log in using screen sharing and the the casperscreensharing user it does not assume root privileges. At least, it hadn't when it worked for me. Ahhh, now I have something else to fix today ;-)

So... now I'm finding some pretty big issues using the 'casperscreensharing' user account to access a unit "Behind the scenes". When I connect to a 10.10.3 machine, the logged in account looses connection to it's current wireless network will NOT reconnect until after a restart. The credentials for the casperscreensharing user active on the unit which tends to complain about a restart as "there is another user logged in...". So far, I've briefly tested Casper Remote 9.72 and 9.65 (I run a 9.72 JSS) with identical results. First I was connecting to a 10.10.3 unit and a 10.9.5 unit from a 10.10.3 iMac, then from a 10.9.5 MacBook Pro. So far it looks like the 10.10.3 target OS is the issue, not the machine starting the 'screen sharing' session or the particular version of Casper Remote. That said, I did notice that the 10.9.5 target unit also lost it's wifi connection, though this was only temporary.

Just some quick tests on a number of machines. I don't tend to use this feature so I may not be super fast in diagnosing it. Are you seeing any of these issues @InsigniamLLC ?