Archive

Archive for July 7, 2017

Enabling least-privilege screensharing using Apple’s Remote Desktop Client and Screen Sharing.app

July 7, 2017 Leave a comment

In a number of Mac-using environments, there is often a need for IT staff to remotely connect to a Mac’s screen using Apple’s Remote Desktop application and work with the person on the other end to resolve a problem. However, there can be several technical and human-centric issues with enabling remote assistance:

  1. Authentication – To enable access using a username and password, that user account must be granted access rights by belonging to a group or by explicitly granting rights to a local account.
  2. Password rotation – If you’re enabling screensharing via granting access to a local account, the security requirements in most environments mandate that those passwords be changed on a regular basis. However, securely changing the account password on multiple remote Macs can be a management challenge on its own.
  3. Access privileges – A lot of folks don’t like the idea that someone they don’t know can take over access to their keyboards and screens without the remote customer saying it’s OK for them to do so. Frankly, I’ve been on both sides of this fence and I don’t like it either.

However, there is a way to enable screen sharing using Apple’s Remote Desktop Client and Apple’s Screen Sharing.app which does the following:

  • Removes the need for any account to be enabled for screen sharing access
  • Mandates that all screen sharing access be approved by the logged-in user
  • Does not allow screen sharing access if no user is logged in.

For more details, see below the jump.

Read more…

%d bloggers like this: