Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3475: How to set the VNC password on Mac OS X via Group Policy

Mac & PC Management Service ,  

4 November,16 at 09:57 PM

Applies to: Centrify DirectControl on Mac OS X 10.6 and higher

When VNC is enabled for the first time on OS X, the VNC-only password it generates may not be known and needs to be configured manually.
Is there a way to set this password via GP?
Note: The OS X VNC service itself can be activated via the group policy at:
  Computer Configuration / Centrify Settings / Mac OS X Settings / Services / "Enable Apple Remote Desktop"
(VNC is bundled into the ARD service)

  1. Enable and setup a VNC password on one "template" Mac machine 
  2. Copy the /Library/Preferences/ out of the Mac and place it in an accessible network share, for example:

    \\ [domain] \ SYSVOL \ [domain] \
    (Or just create a new file on the AD server and copy the encrypted string contents from the template Mac)
  3. Push this file out to other Mac machines on the network using the GP at:

    Computer Configuration / Centrify Settings / Common UNIX Settings / "Copy files" 

    - Filename: (Browse to the appropriate location)
    - Destination: /Library/Preferences/ (Make sure the final slash is present)
    - Select "Specify permissions and ownership"
    -- File permissions: 0400
    -- File owner UID: 0
    -- Owner group GID: 0

    User-added image
  4. Enable the "Enable Apple Remote Desktop" GP:

    - Prevent VNC users from controlling the screen: Disabled

    User-added image

  5. To have the GP take effect immediately, go to another Mac, open the Terminal and run the command:


    VNC access should now be enabled under the same pre-configured password that was set on the original template Mac.
Note: VNC access in OS X will always go to the main login screen where the user can then login using their regular AD credentials, there is no direct account login for VNC in OS X.
(The following external links are provided as a courtesy)
For an SSH method of setting up the VNC password, please see the following article:
Alternativately, Apple Remote Desktop can also be configured via kickstart commands. Please see the following Apple KB for further detail:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.