I was asked to create a hidden account that had remote control access through ARD but that also had to request permission from the user before being allowed access to the computer
Running the following in ARD/Unix using the root account will create a hidden standard account called "hidden", set the password to "Hidden123", turn on "request permissions to observe/control" and add the account to the Remote Management "allowed users" list:
dscl . -create /Users/hidden
dscl . -create /Users/hidden UserShell /bin/bash
dscl . -create /Users/hidden RealName "hidden"
dscl . -create /Users/hidden UniqueID 499
dscl . -create /Users/hidden PrimaryGroupID 1000
dscl . -create /Users/hidden NFSHomeDirectory /Local/Users/hidden
dscl . -passwd /Users/hidden Hidden123
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users hidden -privs -none -clientopts -setreqperm -reqperm yes
A "UniqueID" lower than 500 will create a hidden account.
To remove the account (run as root through ARD):
dscl . -delete /Users/hidden
This works for Leopard and Snow Leopard
Showing posts with label DSCL. Show all posts
Showing posts with label DSCL. Show all posts
Monday, September 5, 2011
Tuesday, March 29, 2011
How to check a user's password from the command line using DSCL
Here is the command for checking a user's password via DSCL:
dscl /Active\ Directory/domainname authonly username
(where "domainname" is the name of the AD domain and "username" is the short name of an Active Directory user)
No output indicates that the user's password was verified.
dscl /Active\ Directory/domainname authonly username
(where "domainname" is the name of the AD domain and "username" is the short name of an Active Directory user)
No output indicates that the user's password was verified.
Subscribe to:
Posts (Atom)