Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

User Accounts and Remote Desktop

When you add clients to a computer list, you need to authenticate with a user account that is specified as being allowed to manage the computer using Remote Desktop. This can be a local user of that computer that you specify using the Access Privileges button in the Sharing Pane of System Preferences when configuring Remote Desktop access manually (as shown in the following figure) or that you specify in a custom installer package that is used to configure the workstation (if the user you specify does not exist, the installer package will create it). You can also designate which functions that user account has when interacting with the computer via Remote Desktop.

If your network uses a directory domain and network user accounts (either Open Directory under Mac OS X Server or Active Directory under Windows Server), you can also create specific groups in the domain. Users who are members of these groups are automatically granted specific Remote Desktop access privileges to all Remote Desktop client computers that are part of the domain. Users can be members of more than one of these groups to give them combined privileges. These users can authenticate using their network user name when adding clients to Remote Desktop. These specific groups are as follows:

  • ard_admin—All Remote Desktop privileges with the exception of generating reports
  • ard_reports—The capability to generate reports but not manage or interact with computers
  • ard_manage—All management and deployment capabilities, but not the capabilities to manage or observe workstations or generate reports
  • ard_itneract—The privileges to observe and control computers and to send messages to users

By default any user who logs into an administrator computer can launch the Remote Desktop application. However, each user needs to configure the Remote Desktop application and access to client computers separately, which can be used to limit which management features separate users can access. There is also a tab in the Remote Desktop application preferences called Restricted Access that allows you to limit what non-administrator users of the administrator computer can do with Remote Desktop. These preferences can be set only by a user who has administrator access to the administrator computer and they override any access that non-administrator users might have, based on their level of access to Remote Desktop clients.

  • + Share This
  • 🔖 Save To Your Account