Screen Sharing/SSH and AD Groups

New Contributor

Just wondering how everyone is handling their access lists for screen sharing and SSH.
I'm playing with this now and the script I'm using is as such:

sudo systemsetup -setremotelogin on
sudo defaults write /var/db/launchd.db/ -dict Disabled -bool false
sudo launchctl load -w /System/Library/LaunchDaemons/

sudo dseditgroup -o create -q
sudo dseditgroup -o create -q
sudo dseditgroup -o edit -a 'AD GROUP' -t group
sudo dseditgroup -o edit -a 'AD GROUP' -t group

I've run this on a few test machines, all works OK and I confirm that my account (located in that AD group) exists in

However, when trying to VNC onto one of these machines, it does not accept any credentials, even though my credentials exist in that group now? Maybe I've missed something out that someone can point out.



Valued Contributor

I'm doing it this way prior via script.

# Set VNC console default
sudo defaults write /Library/Preferences/ VNCAlwaysStartOnConsole -bool true

# Set VNC Password
sudo /System/Library/CoreServices/RemoteManagement/ -configure -clientopts -setvncpw -vncpw PASSWORD -restart -agent

# Reset Screen Sharing password and privs
# Set ARD privs and users with these two lines. They MUST be separate lines!
sudo /System/Library/CoreServices/RemoteManagement/ -activate -configure -allowAccessFor -specifiedUsers

sudo /System/Library/CoreServices/RemoteManagement/ -configure -users USERS_HERE -access -on -privs -all -restart -agent

Valued Contributor

I have not yet applied the settings via the command line, but when troubleshooting screen sharing I usually check the membership of the following groups: