Applies to: Centrify DirectControl on Mac OS X 10.6 and higher
When VNC is enabled for the first time on OS X, the VNC-only password it generates may not be known and needs to be configured manually.
Is there a way to set this password via GP?
Note: The OS X VNC service itself can be activated via the group policy at:
Computer Configuration / Centrify Settings / Mac OS X Settings / Services / "Enable Apple Remote Desktop"
(VNC is bundled into the ARD service)
- Enable and setup a VNC password on one "template" Mac machine
- Copy the /Library/Preferences/com.apple.VNCSettings.txt out of the Mac and place it in an accessible network share, for example:
\\ [domain] \ SYSVOL \ [domain] \
(Or just create a new com.apple.VNCSettings.txt file on the AD server and copy the encrypted string contents from the template Mac)
- Push this file out to other Mac machines on the network using the GP at:
Computer Configuration / Centrify Settings / Common UNIX Settings / "Copy files"
- Filename: (Browse to the appropriate location)
- Destination: /Library/Preferences/ (Make sure the final slash is present)
- Select "Specify permissions and ownership"
-- File permissions: 0400
-- File owner UID: 0
-- Owner group GID: 0
- Enable the "Enable Apple Remote Desktop" GP:
- Prevent VNC users from controlling the screen: Disabled
- To have the GP take effect immediately, go to another Mac, open the Terminal and run the command:
VNC access should now be enabled under the same pre-configured password that was set on the original template Mac.
Note: VNC access in OS X will always go to the main login screen where the user can then login using their regular AD credentials, there is no direct account login for VNC in OS X.
(The following external links are provided as a courtesy)
For an SSH method of setting up the VNC password, please see the following article:
Alternativately, Apple Remote Desktop can also be configured via kickstart commands. Please see the following Apple KB for further detail: