Jamf Remote - Connecting as the logged on user while the computer is unattended

LevelUp
New Contributor II

Hey Jamf Nation,

I find myself in a position with some regularity whereby I need to connect to a remote computer to look at something the user is seeing on their machine, but the computer is currently unattended. I can't get the user's permission via the pop-up window because they're not at the computer, but I need to log in using their profile so I can see what they're seeing. When I connect to a remote computer through Jamf Remote v10.8.0, I'm given two options: (1) Ask for permission to view the display and (2) Log in as yourself: "casperscreensharing".

If I click the Back button, I'm taken to a screen that allows me to enter a username and password, which seems like it would be the solution, except entering the user credentials and clicking the "Sign In" button just takes me back to the "How would you like to connect?" dialog box.

I also see a section in the Jamf Remote Preferences there's an Accounts tab that allows me to add local user accounts, presumably to be able to log in using those credentials. When I try to create a user in the Local Accounts section, I'm unable to enter a username that contains a space (something I see on a lot of Macs).

Is there a way to connect to a remote computer using the account that's currently logged in while the computer is unattended?

Thanks in advance for your help!1183cc6b09b34232af56f2a633397be8

6 REPLIES 6

mm2270
Legendary Contributor III

The only way to log in while using Jamf Remote without someone clicking the Allow button would be to change your permissions for remote connection in the console. You can specify that no authorization is needed from the end user. But if you have an internal policy that says you need to have that option on, you would need to flip it between being on and off as needed.

Also, why are you trying to create a user account with spaces in it? That's unusual and the OS doesn't like that, which is why you're having trouble with that.

LevelUp
New Contributor II

Thank you for the quick response, mm2270.

Where are the permissions for remote connection that you're referring to? I haven't found any sections that address remote access permissions. I can connect to the remote machine without any user interaction if I want to login as the "casperscreensharing" user, which is a different profile from the one I'm trying to view. If I want to see what they're experiencing without them having to be there, I need to be able to connect to the computer and authenticate using the current user so I can log into their profile. Both LogMeIn and Teamviewer offer this option, so I assumed Jamf Remote does as well. It makes sense to me that my connection options would be to prompt the user for permission or to enter a user/pass for the machine (with the option to save those credentials for future connections to that machine).

The latter is what I thought the Local Accounts section in my second screen shot was for. That's why I was asking about the users that have spaces in their names. When a Mac I'm working on prompts me to enter the computer's password, the user presented usually has a space in it, in my experience. At the time, I wasn't thinking about the username behind the Display As name, and those never contain spaces, in my experience. Since it doesn't appear that Local Accounts section is for what I thought it was, can you tell me what that's for? It looks like a place where I can create local accounts to add to the target machine. What I'm looking for is a way to tell Jamf Remote what user I want to use to login.

On the "[user]" is currently using the display... screen (the first screenshot in my original post), if I click the Back button, I'm provided a way to enter user credentials, but I've never been able to successfully enter something that Jamf Remote (or the target computer) likes, so I don't know what Jamf Remote is asking for on that screen. I thought it was a way to enter the credentials for the user that you want to authenticate as, but I haven't been able to get it to work on any of my trial machines.

Any input you can provide on this would be greatly appreciated!

mm2270
Legendary Contributor III

Hi @LevelUp Sure, here is what you need to do. Keep in mind that you, or someone in your organization first needs to have the privilege to be able to change settings For Jamf Pro accounts. If for some reason you are not set to an administrator level account, you may not have the proper permissions to adjust this. But here is where to find it.

Click on the gear icon in the upper right when logged in to get to Settings. Click on "Jamf Pro User Accounts & Groups", locate your account and click the Edit button.

Click on the "Privileges" tab, then on "Jamf Remote"

46a728176cd8435789e170cb6be6385f

Then look for the "Screen Share with Remote Computer Without Asking" setting.

fac73104b68f443aba34641cfa030b94

That needs to be checked on.
Keep in mind this is a global setting, so you will then be able to screen share to any Mac enrolled in your Jamf Pro environment., assuming it's on the network, and the user will never know you are viewing their screen since they won't get any authorization pop up. It's been a while now since I used it, but that's how I recall this working.
For that reason, many places like to have that checked off, since it can be seen as a violation of user privacy. But, if you need it, and you and your org don't have a problem with it, there it is.

LevelUp
New Contributor II

Thanks for the update, @mm2270 . I found the settings you're referring to. I would have expected to see something at the root settings level for permissions like that, but it's good to know they're there. The funny thing is that when I checked those settings, I found all of the settings in the Privileges to be checked and grayed out. I could click the Edit button and Cancel or Save, but I couldn't change any of the settings in that section.

Also, I connected to two of my trial machines, selected the Log in as yourself: "casperscreensharing" radio button and clicked Connect, and on both machines, I connected to a login screen that allowed me to select the user I wanted and log in as them. The previous times I tried this option, I logged in as the "casperscreensharing" user, with its own profile, and I don't know what setting changed this behavior. Do you know if there's a setting that determines whether that radio button takes you to the target machine's login screen or logs you in as casperscreensharing?

Chris_Hafner
Valued Contributor II

Just adding a quick thing here. I've had circumstances where I tried using "Log in as casperscreensharing" only to find that I've knocked the entire unit offline because the credentials do not match the 802.1x cert. I haven't tried this in a while because, by policy, we deal with user account based issues, with the user.

LevelUp
New Contributor II

Thanks for the heads up, Chris. There's typically a user at the device in question, but there are times when I need reliable unattended access, so I'm hoping to understand how that works with Jamf Remote. Hopefully it won't come up very often.

Does anyone else have a good understanding of how unattended access and the "casperscreensharing" user works?