About access privileges with Remote Desktop
Access privileges let a Remote Desktop administrator add computers to a list and then interact with them.
If no access privileges are allowed on a client computer, that computer can’t be used with Remote Desktop. Access privileges are defined in the Remote Management section of Sharing preferences on each client computer.
The recommended access privileges for a client computer depend on how it’s used.
If the computer is used in a public area (for example, a computer lab), you may want to give administrators full access privileges.
If the computer is used by one person, you may not want to give administrators full access privileges, and you may want to allow the user to do some administrative tasks, including creating their own passwords and setting access privileges.
Important: Remote Desktop administrator access can be used maliciously to take unauthorized control of a user’s screen or delete a user’s files. Be judicious when granting administrator access and choosing access privileges.
If you allow access to the computer using Remote Desktop, the administrator can see the client computer in the Computer Status window and include it in Network Test reports, even if no other access privileges are selected.
Remote Management options in Sharing preferences
The table below shows the Remote Management options in the Sharing pane of System Preferences and the corresponding features of Remote Desktop.
Some commands require multiple permissions to be set on the client computer. For example, the “Install Packages” command requires the “Copy Items” and “Delete and replace items” permissions.
To grant an administrator additional privileges, such as renaming computer file-sharing names, select “Change settings.”
Select | To allow administrators to |
---|---|
Observe | Use the Interact command Observe. |
Control | Use Interact commands: Control, Share Screen, Lock and Unlock Screen. This setting is required in order to use the Upgrade Client Software and Change Client Settings features. |
Show when being observed | Automatically change the status icon to notify the user when the computer is being observed or controlled. |
Generate reports | Create hardware and software reports using the Report menu; use Spotlight Search. This setting is required in order to use the Send UNIX Command. |
Open and quit apps | Use Manage commands: Open Application, Open Items, Send UNIX Command, and Log Out Current User. This setting is required in order to use the Send UNIX Command. |
Change settings | Use Manage commands: Rename Computer, Send UNIX Command, and Set Startup Disk. This setting is required in order to use the Send UNIX Command. |
Delete and replace items | Use Manage commands: Copy Items, Install Packages, Send UNIX Command, and Empty Trash. Also delete items from report windows. This setting is required in order to use Upgrade Client Software and Send UNIX Command. |
Start text chat or send messages | Use Interact commands: Send Message and Chat. |
Restart and shut down | Use Manage commands: Sleep, Wake Up, Restart, Send UNIX Command, and Shut Down. This setting is required in order to use Upgrade Client Software and Send UNIX Command. |
Copy items | Use Manage and Server commands: Copy Items, Send UNIX Command, and Install Packages. This setting is required in order to use Upgrade Client Software, Change Client Settings, and Send UNIX Command. |