Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Concerns Giving ARD to Users?

Title: Concerns Giving ARD to Users?

With the ARD 2 client installed on the machine, you can enable access by any VNC client in the ARD Access Privileges dialog from the Sharing pref pane. That would allow this user to remotely control their desktop, but would not grant any other privileges. They could then just use a freeware VNC client such as Chicken of the VNC to connect. You will set the password for VNC access and give it to them, so it should be something unique you can give to a user.

 

Do keep in mind that if you have SSH enabled, any user who has the admin passwords can still access those machines over the network without needing further tools. Doing so does require a knowledge of the UNIX command line; you probably know if these potential unauthorized users are a threat in that regard. You may want to think about either disabling SSH (if you don’t use it) or tightening the security further in /etc/sshd_config if you need to leave SSH enabled.

 

Cheers,

Ian

From: Holliday, Michael [mailto:email@hidden]
Sent: Friday, September 16, 2005 1:13 PM
To: email@hidden
Subject: Concerns Giving ARD to Users?

 

Good day,

What considerations or possible issues should I be concerned about regarding a user who would like to use ARD 2?  He renders 3D animations over weekends, and since they occasionally fail, he’d like to be able to check the progress using ARD over a VPN connection from his home.  This would spare him an hour round trip to the office.

We have three local administrator accounts on each machine.  We have modified the sudoers file so that our account and root are the only accounts capable of performing sudo commands.  But, there are a few people who know the password in the field, and that is not MY fault.  So, the user could own any machine in the network, if he obtained the ARD 2 console and our account password.  (We are planning to change our admin password soon, so that SHOULD help matters.)

I feel bad for the guy if he has to drive an hour on a Saturday to check his renders, but hey, I don’t want to compromise my systems either.  Is there a secure way to reach middle ground?

Thanks and have a great weekend,

Mike

Michael Holliday

CAD Specialist

Smurfit-Stone Container Corporation

Alton, Illinois

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Remote-desktop mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/remote-desktop/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.