Created
April 7, 2021 21:40
-
-
Save MacChuck/6673caae183cb6270fcf1f2a47957b61 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Apple Remote Desktop and the screen sharing service on the Macs by default do not allow network accounts to remotely log in. This set of commands will create a screen sharing permission group on the Mac, enable directory logins to remote desktop, and add an AD group (when bound to AD) to the remote desktop permission group. | |
| ARD must already be enabled with screen sharing for this to work, you can't kick off ARD from nothing without GUI interaction as of macOS Mojave but you can modify it. | |
| Original info about how to do this pulled from the following google group: https://groups.google.com/forum/#!msg/macenterprise/-p6pyMPAt04/qRJ_VbIuscQJ | |
| Create the ARD Interact security group: | |
| sudo /usr/sbin/dseditgroup -n /Local/Default -o create com.apple.local.ard_interact | |
| Add an AD group by UUID to the ard_interact group. | |
| sudo dscl localhost -create /Local/Default/Groups/com.apple.local.ard_interact NestedGroups [UID of AD group without brackets] | |
| Configure ARD to allow directory logins. This specific example also enables non Mac VNC viewer access with a generic password (the last part of this command). | |
| sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setdirlogins -dirlogins yes -setvncpw -vncpw vncpassword | |
| Restart the ARD Agent | |
| sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment