Sign in as an administrator to change this setting remote desktop

Set access privileges for Remote Desktop

You can set access privileges at each client computer using Sharing preferences. To make changes on a client, you must use the name and password of a user with administrator privileges on the computer.

Set access privileges from client computers

To prepare a client computer for administration, you enable Remote Management and set administrator access privileges in Sharing preferences. You can set access privileges for all users or specific user accounts.

  1. On the client computer, choose Apple menu > System Preferences, then click Sharing.

  2. In the Sharing pane, select Remote Management.

  3. To allow access for all users with an account on the computer, select All users.

    All users are given the same access privileges.

  4. To allow access for specific users or to give users specific access privileges, select Only these users, then select a user in the list. If you need to add a user, click Add, select the user, then click Select.

  5. Click Options, select the access privileges you want to give, then click OK. (To select all options at once, hold down the Option key while clicking an option.)

    Your changes take effect immediately.

  6. If you're changing access for specific users, repeat steps 4–5 for each user.

Change client administrator privileges

You can check and change the administrator privilege settings of client computers using Remote Desktop.

After you add client computers to a computer list, you can use the Change Client Settings command to change their administrator access privileges.

To maintain a secure Remote Desktop environment, regularly review administrative settings. You can also assign limited privileges to certain users so they can only do specific tasks, thus reducing the chances that subadministrators can do harm.

If you're using directory services to designate administrator privileges, you don't need to change the settings on the clients.

You don't need to make a selection on every page of the Change Client Settings assistant. You can click Continue to move to the next set of settings.

  1. In Remote Desktop, select a computer list in the sidebar of the main window, select one or more computers, then choose Manage > Change Client Settings.

  2. Click Continue.

  3. In Starting Remote Desktop, select the following options, then click Continue.

    • Choose whether to start remote management at system startup.

    • Choose whether to hide or show the Remote Desktop menu bar icon.

  4. In User Accounts, choose whether to create a new user that can administer the computer using Remote Desktop, then click Continue.

    Creating a new user account with Remote Desktop administrator privileges doesn't overwrite existing user accounts or change existing user passwords on the client computer.

    If you choose not to create a new user account, skip to step 6.

  5. In Users to be Created, click Add, then enter the user's name and password. When you finish adding users, click Continue.

  6. In Incoming Access, choose which users to give administrator access privileges by doing one of the following:

    • Select Enable directory-based administration to give access to users with accounts in a specified group on a directory server. For information, see Enable directory services group authorization.

    • Select Set Remote Desktop access mode to choose whether to give uniform remote management access privileges to all local users, or to give access to specific local users. If you deselect this, the client computer's settings are used.

    • Choose whether you want to set remote management access privileges for specific users. If you choose not to set remote management access privileges for specific users, skip to step 8.

  7. In Access Privileges, click Add to add a user, or select an existing user and click Edit. Provide the user's short name and set the privileges. Then click Continue.

    For information, see About access privileges.

  8. In Screen Sharing Options, do the following, then click Continue.

    • Choose to allow temporary access to a guest administrator when the administrator requests permission on the client computers.

    • Choose whether to allow computers running non-Apple VNC software to control the client computers.

    For information, see Virtual network computing access and control.

  9. In System Data, enter information about this computer that you want to appear in System Overview reports. For example, you can enter a serial number, asset tag number, or a user's name. Then click Continue.

  10. Review your settings, and choose to execute the change using the app or a dedicated Task Server. Then click Change.

    For information, see Configure a remote Task Server.

    The client configuration assistant contacts all selected computers and changes their administration settings.

Set access privileges using directory services

If the client computers are bound to a directory service, you can grant Remote Desktop administrator access to specific groups in the directory without enabling any local users.

Because you can grant access using named groups from your directory services domain, you don't have to add users and passwords for authorization. When directory services authorization is enabled on a client, the user name and password an administrator enters when authenticating to the computer are checked in the directory. If the name belongs to one of the Remote Desktop access groups, the administrator is granted the access privileges assigned to the group.

  • Do one of the following:

    • Use predefined groups with names that correspond to the privilege keys: ard_admin, ard_interact, ard_manage, and ard_reports.

      If the groups don't already exist in the directory, you can create new groups with the reserved names.

      The group names correspond to Managed Preferences keys and have the same privileges as the key. The corresponding privileges are automatically assigned to these specially named groups. There's no need to add the Managed Preferences key to the group record.

    • Create groups and assign them privileges through the MCXSettings attribute on any computer record, any computer group record, or the guest computer record.

| Management privilege     | ard_admin | ard_reports | ard_manage | ard_interact |
|--------------------------|-----------|-------------|------------|--------------|
| Generate reports         | Yes       | Yes         | Yes        |              |
| Open and quit apps       | Yes       |             | Yes        |              |
| Change settings          | Yes       |             | Yes        |              |
| Copy items               | Yes       |             | Yes        |              |
| Delete and replace items | Yes       |             | Yes        |              |
| Send messages            | Yes       |             | Yes        | Yes          |
| Restart and shut down    | Yes       |             | Yes        |              |
| Control                  | Yes       |             |            | Yes          |
| Observe                  | Yes       |             |            | Yes          |
| Show being observed      | Yes       |             |            | Yes          |
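
An added example (not from the original page) for the regular review of directory-based access: it computes each user's effective privileges from the reserved ard_* groups and flags accounts that could move to a narrower reserved group. The user names, their task lists, and the rule that several group memberships add up are assumptions made for the example.

```python
from itertools import combinations

# Reserved group -> privileges, following the privilege table on this page.
MANAGE = {"Generate reports", "Open and quit apps", "Change settings", "Copy items",
          "Delete and replace items", "Send messages", "Restart and shut down"}
INTERACT = {"Send messages", "Control", "Observe", "Show being observed"}
GROUP_PRIVS = {
    "ard_admin": MANAGE | INTERACT,
    "ard_reports": {"Generate reports"},
    "ard_manage": MANAGE,
    "ard_interact": INTERACT,
}

def effective_privileges(groups):
    """Union of reserved-group privileges (assumption: memberships are additive)."""
    granted = set()
    for group in groups:
        granted |= GROUP_PRIVS.get(group, set())  # other directory groups grant nothing
    return granted

def minimal_groups(needed):
    """Reserved groups covering `needed` with the fewest unneeded privileges."""
    needed = set(needed)
    if not needed <= GROUP_PRIVS["ard_admin"]:
        raise ValueError("unknown privilege requested")
    candidates = [(len(effective_privileges(c) - needed), len(c), c)
                  for n in range(len(GROUP_PRIVS) + 1)
                  for c in combinations(sorted(GROUP_PRIVS), n)
                  if needed <= effective_privileges(c)]
    return set(min(candidates)[2])  # least excess first, then fewest groups

def audit(memberships, needs):
    """Flag users whose groups grant more than the tightest reserved-group fit."""
    findings = {}
    for user, groups in memberships.items():
        needed, granted = set(needs.get(user, ())), effective_privileges(groups)
        target = minimal_groups(needed)
        if len(granted - needed) > len(effective_privileges(target) - needed):
            findings[user] = {"excess": sorted(granted - needed), "suggested": sorted(target)}
    return findings

# Constructed sample data: hypothetical users, their directory groups, and their tasks.
MEMBERSHIPS = {"helpdesk1": ["ard_admin", "staff"], "auditor1": ["ard_reports"],
               "labtech1": ["ard_manage", "ard_interact"]}
NEEDS = {"helpdesk1": {"Control", "Observe", "Send messages"},
         "auditor1": {"Generate reports"}, "labtech1": {"Copy items", "Observe"}}

print(audit(MEMBERSHIPS, NEEDS))
```

labtech1 is not flagged even though the account holds every privilege: no combination of the four reserved groups covers both copying and observing with less, so narrowing it further takes a custom group with privileges assigned through the MCXSettings attribute.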

Enable Remote Desktop guest access

Allow one-time access to a Remote Desktop administrator who doesn't have a user name or password for the client computer.

Each time the Remote Desktop administrator wants to control the client computer, the administrator must request permission.

WARNING: Granting access to control a screen is the most powerful feature in Remote Desktop, and it allows unrestricted access.

  1. On the client computer, choose Apple menu > System Preferences, then click Sharing.

  2. Select Remote Management in the list at the left, then click Computer Settings.

  3. Select Anyone may request permission to control screen, then click OK.

Choose what a non-administrator can do

You can control what a non-administrator can do when using Remote Desktop.

When a non-administrator opens Remote Desktop, it operates in user mode. You can control which tasks a non-administrator can perform in this mode. For example, you might not allow non-administrators to copy or delete files, but you might allow them to observe screens and send messages.

Changing what a non-administrator can do is no substitute for enabling proper access privileges in the Sharing pane of System Preferences on the client computer. For information, see About access privileges.

Each task can be enabled independent of the others, or you can enable all Remote Desktop features for non-administrator users. Make sure you're logged in as an administrator user.

  1. In Remote Desktop, choose Remote Desktop > Preferences, then click Security.

  2. Select Access restricted to the following features to enable or disable features.