- Jamf Nation Community
- Products
- Jamf Pro
- Students using remote access to make others not so...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Students using remote access to make others not so happy...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2015 12:37 PM
So I have some of my Freshmen class you have discovered a way to screen share and take control of other machines. Now this is starting to make the teachers unhappy and guess who gets the blame of it....
I am sure they are using the Shared on the left hand side of Finder and then looking through all the computers on the network. I need a way to end this and make sure they can no longer grab the access but I have a feeling that if I were to do so it would cancel the access with me as well. Which I am fine with because if there are issues I like to go speak face to face with them :P (which makes their day even happier!)
Any suggestions would be great in order to make their lives just a tad bit better when dealing with the IT guy!
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2015 01:39 PM
You can go into "Sharing" in System Preferences and change remote management to only allow access for specific users. Add the user you want to have remote access, which will prohibit anyone who isn't specifically allowed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2015 01:43 PM
If you want to script it you can use:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users short,usernames,seperated,by,commas -access -on -restart -agent -privs -all -allowAccessFor -specifiedUsersTo get the man page on kickstart run:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -h
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2015 01:58 PM
In case its of interest, if the option for remote management is set allow all users, any non-admin user (even AD users) can use Apple Remote Desktop to send unix commands as the root user. Anything from gaining access to other users data, or deleting the entire target hard drive is possible when the Macs are configured with that option.
Definitely worth switching to specified users only!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-20-2015 08:28 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-21-2015 07:24 AM
Would simply changing the vnc port on the machines work?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-21-2015 09:02 AM
Why not set up Restricted Software items for both "Screen Sharing" and "Remote Desktop" and make sure to scope them to all student Macs. Be sure to use the restrict exact process name checkbox.
There's no reason they should need either of those applications to work on their systems. When someone remotely connects to a Mac over screen sharing, the Screen Sharing.app usually launches on their system (unless they have a copy of ARD and are using that instead) Blocking both of those should shut the applications down.
It should not interfere with your ability to remote control the Macs, I think. The process that kicks off in the background to control a screen is screensharingd if I'm not mistaken.
I would also go the measure of controlling who can control the screen through the kickstart options as mentioned above though.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-21-2015 12:41 PM
Hi there! I'm currently taking the CCT class in Los Angeles, and one of the first things we covered is using Recon to enroll a machine and set up a management account that is hidden from the login window and System Preferences.
You should use a hidden service account, such as casperadmin, set it as the "only" ssh account, and use a policy to block changes to the Sharing panel in System Preferences. This should stop 99% of your student shenanigans.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-21-2015 12:51 PM
Definitely a quick fix. You most likely already have a local account with administrative rights, and possibly one that is hidden as well. Make that account the only user setup in Remote Management. Deploy the script provided above via a policy scoped to your pranksters Macs and you're done. Got to admit that is pretty funny though...
Hi Brad. Get back to your class.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-22-2015 06:46 AM
As has been pointed out, the ideal way to solve this is by controlling which users can and cannot do remote access and screen sharing. Obscuring the vulnerability does not close it, and you're dealing with children having an abundance of curiosity and time, so somebody will figure out how to address the machines directly.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2015 10:13 AM
Yep. I'm in agreement with pretty much everything posted here so far. With that said, I hope that there is some form of disciplinary action for students caught doing this. While it may seem to be a fun joke now, it's a real good way to get fired in the future (Them, not you).
