Posted on 05-26-2017 06:17 AM
We need to remove a local admin account from the Remote Login screen and add a newly created local admin account. Having some trouble with the various terminal commands out there on the net to add this. We were able to remove the old. But not add the new. Anyone know why we can't get it to show up in the same box as the Administrators is in this screenshot? Is there a better command/script we should be using for Sierra? 10.12.5 maybe?
Posted on 05-26-2017 06:34 AM
Does the admin account have an ID below 500? Then typically it is hidden from view in most of the GUI boxes.
Posted on 05-26-2017 07:14 AM
@monaronyc used this in the past :
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
Replace specifiedUsers with user and test.
Posted on 05-26-2017 07:31 AM
For more info, and to get a little more control over what you're enabling, I used @rtrouton's great post here to build out a script to execute what we needed. There is a problem with some of the more recent versions of ARD not building that package properly, and I opened a ticket with AppleCare OS and they provided a workaround which was supposed to be patched into a later build of ARD. That fix was back in December, so it may be baked in by now.
Posted on 05-26-2017 07:52 AM
@jhalvorson Definitely not hidden. We used a recon package to create the new local admin account on the desktops. And we went back to look at the .pkg setup in Recon and hide management account is definitely not selected.
@MAD0oM Thanks for this. We get Unknown option: (the account name) and we checked the account on the test machine. Logged in with it as well. Nada. I added -users to the string and it seems to have gone through. but we still don't see it in the list. Any ideas?
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -Users -specifiedUsers
@easyedc We're using ARD 3.9 and that create client installer was removed. FIGURES!
Posted on 06-20-2017 03:17 AM
I'm currently looking in to doing this also.
@monaronyc Just noticed from the above that is refering to RemoteManagement and not RemoteLogin.
Is there a way to flush current users and setup from scratch?
Posted on 06-20-2017 04:51 AM
Test at your own risk but i've managed to do it in my environment pulling together snippets of info
sudo systemsetup -setremotelogin on . (even if already on this also seems to reset it from all users to specific)
sudo dseditgroup -o create -q com.apple.access_ssh (this allows you to use the dseditgroup command)
sudo dseditgroup -o edit -a test -t user com.apple.access_ssh . (this allows you to add a specific user replace test with your user)
Works for me.
I next want to do the same principle for remote management to lock that down to specific users.
Posted on 06-20-2017 05:19 AM
Here is the script I use to clear up the Remote Management settings:
#!/bin/sh #screenSharing_Disable /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off #uninstall all existing ARD Settings and prefs /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -quiet -uninstall -settings -prefs /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -quiet -restart -agent -console /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off
Here is the script I use to enable screen sharing for our jss management account, "JSSManagementAcct"
#!/bin/sh #screenSharing_Enable /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers -restart -agent /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users JSSManagementAcct -access -on -privs -ControlObserve -ShowObserve -restart -agent
It's cobbled together from the the following: