How can I get the list of allowed users for Remote Management via Terminal?

Question

I want to use a command line tool to get the list of allowed users for Remote Management (ARD). I was able to enable ARD using kickstart, but I'm having trouble finding how you get the information, not set it.

Is there a com.apple.Sharing or com.apple.ARD somewhere that I'm missing?

defaults /Library/Preferences/com.apple.ARDAgent

doesn't seem to give me the info I need.

Ok, did find

defaults /Library/Preferences/com.apple.RemoteManagement

but that only gave me whether all local users are allowed for ARD. That is useful, but I want a little bit more. Do I need to use dscl perhaps to find ARD groups?

Answer 1

I had a bit of a look at my Server and desktop Mac and it would seem that the permissions are stored in the local Open Directory database. The command dscl . -list /Users dsAttrTypeNative:naprivs when run by an admin will give you a list of users who have any privileges set for remote management.

Answer 2

@k3vmo in Tony's post.

Reading naprivs as shown in the command suggested by Tony (dscl . -list /Users dsAttrTypeNative:naprivs) does work on Sierra.

The Sharing preference "Remote Login" is different from the "Remote Management" setting, which is what the naprivs attribute reports on.

If you are interested in listing users with "Remote Login" access (i.e. users with SSH access), use the command:

sudo dscl . -read /Groups/com.apple.access_ssh/ | grep GroupMembership | cut -d: -f2

Remote Login = ssh access

Remote Management = screensharing/VNC access