I was asked to create a hidden account that had remote control access through ARD but that also had to request permission from the user before being allowed access to the computer.
Running the following in ARD/Unix using the root account will create a hidden standard account called "hidden", set the password to "Hidden123", turn on "request permissions to observe/control" and add the account to the Remote Management "allowed users" list:
dscl . -create /Users/hidden
dscl . -create /Users/hidden UserShell /bin/bash
dscl . -create /Users/hidden RealName "hidden"
dscl . -create /Users/hidden UniqueID 499
dscl . -create /Users/hidden PrimaryGroupID 1000
dscl . -create /Users/hidden NFSHomeDirectory /Local/Users/hidden
dscl . -passwd /Users/hidden Hidden123
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users hidden -privs -none -clientopts -setreqperm -reqperm yes
A "UniqueID" lower than 500 will create a hidden account.
To remove the account (run as root through ARD):
dscl . -delete /Users/hidden
This works for Leopard and Snow Leopard.
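Because a UniqueID below 500 keeps the account out of the login window, an audit has to look at the directory records themselves. The following is an added example, not part of the original post: it flags accounts with a UniqueID under 500 that still have an interactive login shell. The "name uid shell" record format, the function names and the sample records are assumptions made for this example.

```shell
#!/bin/sh
# Added audit example (not from the original post).
# Flags local accounts that are hidden by a UniqueID below 500
# yet can still log in because they have an interactive shell.

# Reads "name uid shell" records on stdin (assumed format) and prints
# the names of suspicious accounts.
# $1: optional comma-separated allowlist of expected accounts (default: root).
flag_hidden_accounts() {
    awk -v allow="${1:-root}" '
        BEGIN {
            # Accounts that are expected to have a low UID and a real shell.
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            # Shells that permit an interactive login.
            m = split("/bin/sh /bin/bash /bin/zsh /bin/csh /bin/tcsh /bin/ksh", s, " ")
            for (i = 1; i <= m; i++) login[s[i]] = 1
        }
        # Skip malformed records (UIDs may be negative, e.g. nobody = -2).
        NF < 3 || $2 !~ /^-?[0-9]+$/ { next }
        # Hidden UID range + login shell + not on the allowlist.
        ($2 + 0) < 500 && ($3 in login) && !($1 in ok) { print $1 }
    '
}

# Constructed sample records; "hidden" matches the account created above.
sample_records() {
    cat <<'EOF'
root 0 /bin/sh
daemon 1 /usr/bin/false
_www 70 /usr/bin/false
nobody -2 /usr/bin/false
hidden 499 /bin/bash
alice 501 /bin/bash
EOF
}

# Demo run on the constructed sample: prints "hidden".
sample_records | flag_hidden_accounts
```

On a Mac the records can be built by combining the output of `dscl . -list /Users UniqueID` and `dscl . -list /Users UserShell`.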