Two more things of note while I leave this topic behind and move on to dscl experimenting (so I can get ssh limited to only admin users):
1. Kickstarting ARD may also have something to do with /etc/RemoteManagement.launchd. It’s a weird one-line file created whenever the checkbox is on for Remote Management in SysPrefs/Sharing
2. My digging in [code]dscl . /Groups[/code] turned up com.apple.access_screensharing, which looks to be turned on for the admin group, even when ScreenSharing as a preference should be disabled due to ARD being configured. If ARD allows only specified users access, but VNC via the /System/Library/CoreServices/ScreenSharing.app allows any admin user to control the screen that would be…. wrong.
Just brainstorming out loud as I continue to deep-dive into making this right for my builds.
Allister
.
.
Comments are closed