Created
May 22, 2015 03:37
-
-
Save poundbangbash/636c7098c7da21d6a8e5 to your computer and use it in GitHub Desktop.
Allow AD user to Remote Management
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| username=INSERTUSERNAMEHERE | |
| # Check the username has been set | |
| if [ $username = INSERTUSERNAMEHERE ] | |
| then | |
| echo You need to set the username | |
| exit 1 | |
| fi | |
| # Create the ARD Interact group which allows Control and Observe | |
| dseditgroup -n /Local/Default com.apple.local.ard_interact | |
| if [ $? != 0 ] | |
| then | |
| echo "com.apple.local.ard_interact group does not exist. Creating" | |
| dseditgroup -n /Local/Default -o create com.apple.local.ard_interact | |
| else | |
| echo "com.apple.local.ard_interact group already exists" | |
| fi | |
| # Add the AD user to com.apple.local.ard_interact | |
| echo "Adding user $username to com.apple.local.ard_interact" | |
| dseditgroup -n /Local/Default -o edit -a $username -t user com.apple.local.ard_interact | |
| # Add the AD user is a member of com.apple.local.ard_interact | |
| echo "Verifying $username is a member of the com.apple.local.ard_interact" | |
| dseditgroup -n /Local/Default -o checkmember -m $username com.apple.local.ard_interact | |
| # Flush the DirectoryService member cache | |
| dsmemberutil flushcache | |
| # Restart ARDAgent | |
| echo Restarting ARDAgent. The remote task will now hang--feel free to cancel the task. | |
| /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment