Oftentimes, I find myself needing to remotely control my MacOS/OSX computer over a network.
The built-in tools that come with Sierra (Screen Sharing, Back-To-My-Mac) do a great job of simplifying what could be a horrendously complex setup process, but they have one key limitation… Anyone with physical access to your remote computer can watch you mousing around doing stuff. Worse still – by unlocking your computer remotely, you’ve given your remote observer full access to your computer – they can disconnect you and have at your stuff.
Over in Windows-land, Remote Desktop has supported
/console mode for as long as I can remember. This type of access locks your computer’s local display, and creates a virtual console hidden from view to which your RDP session connects.
I believe Apple’s ARD product has similar features, but don’t feel like dropping AUD$129 for a feature that really should be free, and appears to be on life-support anyway.
Enter this StackExchange comment (side note: when the internet is good, it’s really really good).
So, to have secret access to my computers remotely, all I have to do is:
- Enable Screen Sharing in preferences
- Create a new managed user whose sole job is to be the actively-logged-in user
- Configure the Login Options to show fast user switching as an icon
- Log in with that user and configure their screensaver & security settings so as to lock the screen immediately post screen-saver.
- Consider setting up all screen corners as screen-saver triggers.
- Log out and re-login as your normal user
Before Walking Away:
- Click on the fast user switching icon, then login as the managed use
- Optionally set up a universal keyboard shortcut to script that action
- Start the screensaver
- Walk away
Now, when you connect to your computer from another via Screen Sharing or another VNC client, log in with your regular user credentials. The console screen will remain in either screen-saver or login mode, but your sharing session will show your full desktop.