Jamf Nation Community

rbingham917 · ‎07-08-2016

Hello everyone- I am curious how would I go about setting accounts en masse to have permissions for items within the sharing preference pane. My company is primarily a windows shop and the tier 1's would be using a different program to do screen sharing and file sharing and remote login. I would like to add an AD group, and a local service account that we have for those items.

If anyone can point me to a comprehensive list of where they are that would be immensely helpful

There's not a configuration profile for those items that I'm aware of, and I could not find anything when doing a simple composer -> capture process.

Thanks in advance.

mm2270 · ‎07-08-2016

Hi. If you're talking about selectively enabling/disabling the items in the Sharing PrefPane side panel, then sadly, this isn't really possible as far as I know. You either give clients access to all of them, or you block the entire Sharing Preference Pane in whole.

It'd be nice if Apple had added some more granular controls for these as well, but they haven't, and I somehow doubt they ever will.

koalatee · ‎07-12-2016

I have a script that runs weekly to keep our admin account active with ssh/screen sharing:

#!/bin/sh

# set specific remote access
    /System/Library/CoreServices/RemoteManagement/ARDagent.app/Contents/Resources/kickstart -configure -activate

# enable apple remote desktop for specific users
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers 

# allow remote access for $admin
    /System/Library/CoreServices/RemoteManagement/ARDagent.app/Contents/Resources/kickstart -configure -access -on -users $admin -privs -all -restart -console

exit 0

You might be able to pare this down - I'm probably overlapping. I am not familiar with adding an AD group though.

Jamf Nation Community

Setting Sharing preferences