Enabling ARD client automatically enables Screen Sharing

Basically the exact opposite problem described here http://discussions.apple.com/thread.jspa?messageID=8910629&#8910629
If I enable ARD client on any machine, whether it's running Leopard, Tiger or Panther, other Leopard client users are potentially able to observe and control that machine using the Screen Sharing feature, if they had the correct username and password, and the client being observed would have no idea. Fortunately they haven't figured this out yet.
This is a problem for me, as I need the ability to observe/control other client machines in this office using my ARD admin, but I need to ensure my Leopard users cannot do the same thing using the Screen Sharing feature.

The problem is that I almost always inevitably end up having to reveal the admin password at some point when I'm troubleshooting a staff member's Mac over the phone while he's overseas on business for example.
Once a user name and password slip out, there's really not much you can do to keep people out. Even if you have a special account for ARD, if someone else has administrator privileges, they can just turn on Screen Sharing or Remote Management for their account. So only if your users are good about not turning that on can you really keep unauthorized users out of your systems.
You might want to look into "neutered" admin accounts. It's a bit tricky, but it is possible to give some administrator privileges to an account but not all of them. Then you could perhaps allow the privileges your users need but still keep them from giving away the keys to the entire system. There's a PDF of a MacWorld session available here (clicking that link will download a zipped file). It's a bit old, but it should still be valid, and it's sketchy (it's the preso slides) but might provide sufficient information. If it's too sketchy, I have a QuickTime of the session the same people presented in 2008 that I could give you if you have a place to upload it (it's too large to email).
Regards.
Message was edited by: Dave Sawyer

Similar Messages

  • Enabling screen sharing through .mac or VNC

    I want to enable screen sharing on my desktop computer from another network (so I can connect to my home machine from the office, or on the road). I have successfully enabled my router to allow VNC traffic, and have been able to connect from my laptop on another network. Everything seems to be working fine besides the fact that I am concerned about having port 5900 open on my home router. Is connecting using a .mac account more secure? I suppose I would be able to turn off port 5900 on my router, but I'd also have to pay $100 a year, and worry about someone hacking my .mac account also (I really wish that apple would come out with [FREE] remote desktop software like windows!).

    My last effort
    turn on process accounting:
    "mkdir /var/account"
    "touch /var/account/acct"
    "accton /var/account/acct" or reboot
    "chmod o-rx /usr/bin/lastcomm"
    "chmod -R o-rx /var/account"
    Everything has to be run in sudo. If you do the above, then run sudo lastcomm and check what that says.

  • How can I remotely enable Screen Sharing remotely on 10.8?

    Is there a way to remotely enable Screen Sharing from another mac? I'm using 10.8.

    I assume you mean by remote login.
    To enable via SSH to an admin account:
    sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.screensharing.plist
    To disable:
    sudo launchctl remove com.apple.screensharing

  • Enable Screen Sharing from command line

    I inadvertently removed screen sharing from my mac mini server firewall but I can still ssh into it. How can I enable either screen sharing or remote management via ARD?
    Thanks so much,
    J.

    Sorry for the imperfect instructions, I was doing it from memory.
    First, set up secure ssh credentials by doing the public/private RSA key exchange.
    Based on someone else's suggestion I found on the web, I created an "alias" command in my .tcshrc file. I just launch a terminal session and use my alias I've created, followed by my ssh credentials on the remote machine, and the alias/script does the rest.
    Begin fragment from my .tcshrc....
    echo " myvnc ACCOUNTNAME = connect to ACCOUNTNAME via VNC"
    alias myvnc 'ssh -f -L 1202:localhost:5900 \!:1 sleep 10 ; open vnc://localhost:1202'
    ... End fragment.
    So when I want to vnc I just type
    $ myvnc [email protected]
    In fact, after a while, I got tired of reading all the server logs of people trying to hack my server over port 22 (ssh standard port). Once you have the alias command above working for you, you can pick a different port on your server's firewall, and forward it to port 22 inside the firewall. That way, hackers that scan your port 22 won't get any response.
    Once you do this, you can revise the alias in your .tcshrc to also include the "-p" ssh argument, to help save you the trouble of remembering the ssh port you have moved your server conversation to. For example, if you decided to close port 22 at the firewall, and forward port 2222 (just an arbitrary number I picked) to your server's port 22 inside the firewall, your alias line would look like this...
    alias myvnc 'ssh -p 2222 -f -L 1202:localhost:5900 \!:1 sleep 10 ; open vnc://localhost:1202'

  • Upgrade from iChat 3.1.8 to 3.1.9 & enabling Screen Sharing options

    Hello,
    I am trying to help my best friend use her old mac with iChat and she does not have all the options available to her.
    First of all, she has the following mac:
    iMac G5
    PowerMac 8,1
    Mac OS X 10.4.11
    iChat 3.1.8
    I bought her a webcam with microphone so we could video chat and it works perfectly. It was the Rocketfish HD Webcam from BestBuy about $50.00 (http://rocketfishproducts.com/products/computers/RF-HDWEB.html).
    We were able to video chat perfectly and we even used the video chat to chat 3-way with another friend using iChat.
    When explaining all the features to her, I was trying to show her how to use the share-screen feature, but we realized she did not have that option available to her.
    My questions are:
    1) How to make this screen-sharing option available to her?
    2) Does the upgrade to iChat 3.1.9 have that feature enabled? What does the 3.1.9 upgrade have that the 3.1.8 version doesn't? Where can I get this upgrade from? Is there a higher iChat 3 version other than 3.1.9?
    3) Is there any way to upgrade her to iChat 4 or higher without having to upgrade her whole operating system?
    4) Is there any free third party software that can enable her to share her screen using iChat 3?
    Thank you for your help,
    Melissa

    Hi,
    Re 1) Only by upgrading to iChat 4 or 5
    Re 2) No. See 1) above.
    Re 3) No. Each iChat version goes/comes with the OS involved. In fact it is particular about getting its Updates when the OS is Updated. Reinstalling iChat from an Install Disk requires you run the COMBO OS Updater of the OS level you are at to update iChat to that level.
    Re 4) YES http://www.pleasantsoftware.com/showmacster/
    This comes with a set of preset pics that can be On or Off instead of the Video feed.
    It has some other settings and one of these can be a section of the Screen as Video feed.
    It has a demo to try and cost less than $20
    It will do slide shows of Pics and Annotate single pics if you use the white board option.
    Also try the Demo of this (it is cheaper as well).
    It does not mention it in the blurb but it used to have a feature for changing the Video feed and this could be the Desktop (in fact if you didn't/don't delete it the default on Demo Expiry was/is to show the Desktop)
    Both are compatible with each other.
    Both warn you that they don't work in Snow Leopard (iChat 5 Can see the stuff they send OK)
    NOTE:
    It is a Display of her Screen only and is not interactive mouse wise from your end. As it is still a video chat you can talk her through things though.
    Both will work up to iChat 4.0.9 which may give you the option of Installing for Demo-ing something to her.
    10:48 PM Monday; August 16, 2010
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

  • Automatically accept screen sharing from specific user ???

    My mother is a newbie mac user. To be honest, she's a newbie computer user - full stop. She did inherit my PC laptop when I switched, but within a week she had crashed it. The mac she has is still running. (And guess who got it for her. I'm a good daughter.)
    Anyway - her G4 Powermac is running Leopard like a dream. In fact it is much faster now than before. Still, she has a few issues. Like the other day, she couldn't get music through her speakers and I'm abroad at the time.
    I asked her to accept a screen share, she did. I fixed the speaker issue and closed the screen share. She is happy as larry. But that got me thinking. Is it possible to automatically accept screen share from certain users? That would be a great help if that would be possible.
    Thanks in advance.

    Musicsites, here is your answer. Just follow the instructions completely and it will work quite well. I have it running and it allows my iMac to automatically answer incoming Screen Sharing requests ONLY from my MacBook.
    <http://www.getstonered.com/2007/11/applescript-automatically-accept-ichat.html>
    Mike

  • ARD Newbie - Remote administration/screen sharing

    Here is the setup:
    Admin: OS 10.5.8, ARD 3.3, Connected via Airport Express (802.11g)
    Client: OS 10.5.8, Remote Management/Login enabled in System Preferences, Connected via Airport Express (802.11n), NAT enabled/ports mapped for ARD.
    I still cannot connect to client's Mac via ARD. I choose File> Add By Address in ARD and provide the client's IP as well as User/Pass. ARD fails to verify.
    Can someone point me in the right direction? Thanks!

    Nevermind; wasn't forwarding to the right address. Works now.

  • Can connect with Server Admin and Server Prefs, not Screen Sharing or ARD

    Just set up 10.5 server on my G5, and trying to connect from 10.5 on my iMac. I have tried both with the server System Preferences set to allow Screen Sharing via VNC, and with Remote Management enabled for ARD. In both cases, I get authentication errors when trying to connect from home. I have tried with both the full username, and with the short name of the only account on the server. My assumption is that, since this is the administrator account, I don't need to setup explicit privs for it on the server.
    I can authenticate without any trouble with both Server Admin and Server Preferences.
    The Firewall is not enabled on either machine, although I am behind a NAT router at home -- is it necessary to open any special ports to enable screen sharing? Is it possible that having these ports closed would produce an authentication error?
    Thanks for any help.

    Hi
    I'm going to assume you configured your Server in Standard Configuration and not Workgroup or Advanced?
    When using Standard in setting up the server DNS is automatically configured for as well as the Server taking an Open Directory Master Role. The admin account created at the beginning is for administering the Open Directory. Unknown to you and not documented at all - as far as I can see - is the 'Local Administrator' (localadmin) account.
    You only become aware of this account if for some reason you have a problem with the Server which involves demoting to Standalone (ie not an Open Directory Master) once this happens you find you can't log on to the Server anymore or communicate with any of the Server applications because it won't accept any username or password other than root and localadmin for the name and the password defined for the original admin account you created right at the beginning.
    Sometimes it does not even take demotion to find yourself locked out of the Server. Some have experienced this problem when running the Security Update or when some other problem has occurred.
    Part of the process of creating an Open Directory Master involves the creation of a 'special' directory administrator account. This account is used for administering the LDAP node. If demotion takes place this account gets blown away along with all users and group accounts that exist in the LDAP node, in fact everything to do with Open Directory is destroyed apart from Users' home folders.
    Why demote if this happens? Sometimes the LDAP database gets damaged/corrupted beyond a point where normal troubleshooting methods fail. This can happen for a whole variety of reasons but more often than not is due to a poorly configured DNS Service. You basically only have two options once you reach that stage. A server reinstall involving a format and rebuild or a demotion to Standalone. Which option would you choose? Prior to demotion you can (if you have the chance) export users and groups or even archive the LDAP database itself for restoration later on. This is a useful option as everything to do with the LDAP Server is retained - passwords, users, groups etc. The other method of saving users etc does not retain passwords.
    As time goes on and you become more familiar with your server you will find more and more of this information out for yourself. Hopefully the simple advice I've given helps you understand Open Directory a little better.
    Hope this helps, Tony

  • ARD and Screen Sharing?

    I want to be able to provide screen sharing access for my users when they connect via VPN however when I switch screen sharing on I can't use ARD to administer their machines.
    Is there a way around this?

    You don't/can't enable Screen Sharing when using ARD. When using ARD, screen sharing is handled by clicking the Remote Management box in the Sharing system preferences. You can't have one or the other.

  • Screen Sharing / vnc with OS X 10.5.6 fails

    I can not get the Screen Sharing that comes with OS X 10.5.6 to work with any vnc client. The server is my laptop, an MBP 2.4 GHz Intel running OS X 10.5.6.
    *I enable Screen Sharing by doing the following:*
    1) +System Preferences > Sharing > Screen Sharing+ is checked
    2) +System Preferences > Sharing > Screen Sharing > Computer Settings > Anyone may request permission to control screen+ is checked
    3) +System Preferences > Sharing > Screen Sharing > Computer Settings > VNC viewers may control screen with password+ is checked and I've entered a password
    4) I also have Remote Login enabled for SSH access, but no other services are enabled.
    *I see two different behaviors depending on one of two clients that I try using:*
    1) +Chicken of the VNC v2.0b4+ running on same machine- Always says "Connection Terminated / Authentication Failed" without ever asking for a password. Logs the following in system.log (dates, hostnames and pids removed):
    Chicken of the VNC: Server reports Version RFB 003.889
    Chicken of the VNC: Bogus RFB Protocol Version Number from AppleRemoteDesktop, switching to protocol 003.007
    I believe that the information in system.log is OK, and is just warning me that Chicken of the VNC is working around Apple's strange protocol version.
    2) +TightVNC 1.3.9 on Windows XP sp2+- Says "Security type requested", then asks for a password. I enter it, click OK and tightvnc simply waits endlessly.
    *Other Notes:*
    1) I have tried configuring and starting the server using kickstart from the command line as suggested at http://support.apple.com/kb/HT2370 (+sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all+)
    2) I have tried unchecking +VNC viewers may control screen with password+, but in this case Chicken of the VNC says "Please configure Apple Remote Desktop to allow VNC Viewers to control the screen. Unknown authType 30,31,32" and TightVNC says "Server did not offer supported security type!"
    3) If I disable the Screen Sharing feature that comes out of the box with OS X, I CAN install and successfully run the OSXVnc server available at http://sourceforge.net/projects/osxvnc/. In this case, both Chicken of the VNC and TightVNC are able to connect.
    *So Apple's Screen Sharing does not work. Does anyone know what the problem is? Are there any log files I can look at, or is there another way I can debug this? I'm not impressed. :)*
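The two client errors in the post above ("Unknown authType 30,31,32" and "Server did not offer supported security type!") can be reproduced by parsing the RFB handshake the way a generic viewer does. This is an added diagnostic example, not code from the thread; the byte strings are constructed from the values the post quotes, and the `LEGACY_ON` list assumes the server simply adds type 2 when the VNC password option is checked.

```python
"""Classify an RFB (VNC) server greeting as a generic viewer would.

Added example. The handshake bytes below are constructed, not captured traffic.
"""
import re
import struct

# Protocol versions defined by the RFB specification.
STANDARD_VERSIONS = {(3, 3), (3, 7), (3, 8)}
# Security types a generic viewer such as TightVNC implements.
VIEWER_TYPES = {1: "None", 2: "VNC Authentication"}

# Constructed samples: count byte followed by one byte per offered type.
GREETING = b"RFB 003.889\n"            # version string quoted in the post
LEGACY_OFF = bytes([3, 30, 31, 32])    # types named in the viewer's error
LEGACY_ON = bytes([4, 30, 31, 32, 2])  # assumption: type 2 added with password


def parse_version(greeting):
    """Parse the 12-byte ProtocolVersion message into (major, minor)."""
    match = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", greeting)
    if match is None:
        raise ValueError("not a 12-byte RFB ProtocolVersion message")
    return int(match.group(1)), int(match.group(2))


def parse_security_types(payload):
    """Parse the RFB 3.7+ security-type list.

    Returns (types, reason). A count of zero means the server refused the
    connection and sent a length-prefixed reason string instead.
    """
    if not payload:
        raise ValueError("empty security-type message")
    count = payload[0]
    if count == 0:
        if len(payload) < 5:
            raise ValueError("truncated refusal message")
        (length,) = struct.unpack(">I", payload[1:5])
        reason = payload[5:5 + length]
        if len(reason) != length:
            raise ValueError("truncated refusal reason")
        return [], reason.decode("latin-1")
    types = payload[1:1 + count]
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return list(types), None


def diagnose(greeting, security_payload):
    """Summarise what a generic viewer can do with this server."""
    version = parse_version(greeting)
    offered, reason = parse_security_types(security_payload)
    usable = [t for t in offered if t in VIEWER_TYPES]
    unknown = [t for t in offered if t not in VIEWER_TYPES]
    if reason is not None:
        verdict = "server refused: " + reason
    elif not usable:
        verdict = "no supported security type"
    elif 1 in usable:
        verdict = "connects without authentication"
    else:
        verdict = "password authentication possible"
    return {
        "version": version,
        "standard_version": version in STANDARD_VERSIONS,
        "usable": usable,
        "unknown": unknown,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, payload in (("legacy off", LEGACY_OFF), ("legacy on", LEGACY_ON)):
        print(label, diagnose(GREETING, payload))
```
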

    Thanks for the suggestion. It was possible that one of these files had become corrupted, so I tried moving each of these files to another directory but unfortunately I'm still seeing the same behavior.
    Here's what happens with each of these files individually after they're moved:
    1) When I set the VNC password in the system prefs, com.apple.VNCSettings.txt gets re-created (with the same contents as the original unless I change the password, so that just looks like a hash of the password).
    2) com.apple.RemoteManagement.plist also gets recreated when I change the system prefs. If I use "sudo plutil -convert xml1 com.apple.RemoteManagement.plist" I get the following:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>ARD_AllLocalUsers</key>
    <true/>
    <key>ARD_AllLocalUsersPrivs</key>
    <integer>2</integer>
    <key>ScreenSharingReqPermEnabled</key>
    <true/>
    <key>VNCLegacyConnectionsEnabled</key>
    <true/>
    </dict>
    </plist>
    3) For me, com.apple.RemoteDesktop.plist does not exist.
    4) Interestingly, com.apple.ARDAgent.plist does not get created until I run "sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all". Its XML contents are as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>AdminConnectInfoList</key>
    <dict/>
    <key>AgentLogLevel</key>
    <integer>3</integer>
    <key>ServerConnectInfoList</key>
    <dict/>
    <key>Version</key>
    <real>3</real>
    </dict>
    </plist>
    Looking at this, I tried setting ScreenSharingReqPermEnabled to false, but that didn't help. Then I increased AgentLogLevel to 100 and got a lot of output in system.log (12:28:45 is when I restart the server and 12:29:34 is when I try to connect):
    Feb 24 12:28:45 ARDAgent [749]: ******ARDAgent Launched******
    Feb 24 12:28:45 ARDAgent [749]: got a sessionDict, onConsoleRef is 0xa04cd400
    Feb 24 12:28:45 ARDAgent [749]: grUserOnConsole is 1
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 122
    Feb 24 12:28:45 ARDAgent [749]: LoadMenuExtra: Attempting to unload menu extra
    Feb 24 12:28:45 ARDAgent [749]: PostNotificationForced: Going to send notifation value 9
    Feb 24 12:28:45 ARDAgent [749]: UpdatePrefs: versionFlt : 0.000000 kCurrentPrefsVersion : 3.000000
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 44
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 22
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 100
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 94
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 96
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 18
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 106
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 74
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 130
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 60
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 45
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 65
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 66
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 105
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 115
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 38
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 12
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 61
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 20
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 62
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 39
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 30
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 101
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 53
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 103
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 107
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 109
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 135
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 41
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 110
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 111
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 28
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 36
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 48
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 59
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 57
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 116
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 58
    Feb 24 12:28:45 ARDAgent [749]: InitAppUsageHandlers: Called gTrackingDays is set to 0
    Feb 24 12:28:45 ARDAgent [749]: CheckRFBServerPIDFile: return 679
    Feb 24 12:28:45 ARDAgent [749]: RemoteCommandListenerThread init communications
    Feb 24 12:28:45 ARDAgent [749]: RFBServerStart - did not kill 679
    Feb 24 12:28:45 ARDAgent [749]: DOCStartDOC: No serial number. Task Server not started.
    Feb 24 12:28:45 ARDAgent [749]: DT_InitLocalProcessing: Loading existing tasks from disk.
    Feb 24 12:28:45 ARDAgent [749]: DT_InitLocalProcessing: Found 0 tasks
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 158
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 117
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 118
    Feb 24 12:28:45 ARDAgent [749]: AddHandler: Added handler for cmdCode 162
    Feb 24 12:28:45 ARDAgent [749]: ARD Agent: RFB Server exited quickly after starting - probable failure.
    Feb 24 12:28:45 ARDAgent [749]: PostNotificationForced: Going to send notifation value 6
    Feb 24 12:28:45 ARDAgent [749]: PostNotificationForced: Setting lastNotification to value 6
    Feb 24 12:28:45 ARDAgent [749]: ******ARDAgent Ready******
    Feb 24 12:29:34 Chicken of the VNC[693]: Server reports Version RFB 003.889
    Feb 24 12:29:34 Chicken of the VNC[693]: Bogus RFB Protocol Version Number from AppleRemoteDesktop, switching to protocol 003.007
    Feb 24 12:29:36 ARDAgent [749]: PostNotificationForced: Going to send notifation value 1
    Feb 24 12:29:36 ARDAgent [749]: PostNotificationForced: Got request for kCurrentStateNotification. Sending value 6
    Interesting that it says "ARD Agent: RFB Server exited quickly after starting - probable failure." That doesn't sound too good.
    I will try to watch fs_usage more closely to see what else gets modified and accessed, but I'm increasingly suspicious that there's simply a bug which is showing up under whatever specific conditions I have on my machine. Perhaps the included log info will trigger an idea for someone.
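The com.apple.RemoteManagement.plist posted above records which remote-access options are switched on, so it can be audited for exposure rather than only inspected by eye. This is an added example, not code from the thread; the key meanings are read from the checkboxes the original post lists and from the key names, and the hardened sample is constructed.

```python
"""Audit a com.apple.RemoteManagement.plist for broad remote-access settings.

Added example. POSTED_PLIST is the XML quoted in the post; HARDENED_PLIST is
a constructed comparison. Key interpretations are assumptions taken from the
checkbox names in the post and from the key names themselves.
"""
import plistlib

POSTED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ARD_AllLocalUsers</key>
<true/>
<key>ARD_AllLocalUsersPrivs</key>
<integer>2</integer>
<key>ScreenSharingReqPermEnabled</key>
<true/>
<key>VNCLegacyConnectionsEnabled</key>
<true/>
</dict>
</plist>
"""

# Constructed: the same keys with every broad option switched off,
# serialised as a binary plist to show both on-disk formats are handled.
HARDENED_PLIST = plistlib.dumps(
    {
        "ARD_AllLocalUsers": False,
        "ScreenSharingReqPermEnabled": False,
        "VNCLegacyConnectionsEnabled": False,
    },
    fmt=plistlib.FMT_BINARY,
)

# (key, severity, why it matters) in the order findings are reported.
CHECKS = [
    ("ARD_AllLocalUsers", "high",
     "every local account may connect, not only a dedicated admin account"),
    ("VNCLegacyConnectionsEnabled", "high",
     "VNC viewers may connect with one shared password tied to no account"),
    ("ScreenSharingReqPermEnabled", "medium",
     "anyone may prompt the console user for permission to control the screen"),
]


def audit_remote_management(raw):
    """Return a list of findings for settings that are enabled in the plist."""
    prefs = plistlib.loads(raw)  # accepts XML and binary plists
    if not isinstance(prefs, dict):
        raise ValueError("top-level plist object is not a dictionary")
    findings = []
    for key, severity, reason in CHECKS:
        if prefs.get(key) is True:
            finding = {"key": key, "severity": severity, "reason": reason}
            if key == "ARD_AllLocalUsers":
                # Report the privilege mask as-is; its bits are not decoded here.
                finding["privs_mask"] = prefs.get("ARD_AllLocalUsersPrivs")
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for name, raw in (("posted", POSTED_PLIST), ("hardened", HARDENED_PLIST)):
        results = audit_remote_management(raw)
        print(name, "->", len(results), "finding(s)")
        for item in results:
            print("  [%s] %s: %s" % (item["severity"], item["key"], item["reason"]))
```
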

  • Screen sharing and remote management no longer working after some uptime

    Server is without monitor.
    Users need to login via screen sharing from time to time.
    "Enable screen sharing and remote management" is ticked in Server.app everything is working fine (for days, weeks).
    ARD reports "Screen Sharing Available", so remote management is not running how it should.
    Screen Sharing.app is "Connecting…" forever.
    Kickstarting ARD (http://support.apple.com/kb/HT2370) does not help.
    Restart fixes it.
    Is there a workaround (over ssh) or a fix?

    seduc wrote:
    Do you know if
    fdesetup authrestart
    works then too?
    Off-hand, no.   I don't.  See this posting, or as would be typical in any case, try it?

  • I can't get screen sharing to work on my home network

    I am trying to connect my MacBook Pro to screen sharing so I can access it at my school computers, which are all iMacs running 10.6.6. When I was at school, and connected to the wireless network at my school, I could screen share through the finder>go>connect to server. Once screen sharing was enabled I just entered the vnc address and it connected flawlessly. When I got home, I set my netgear router (wireless-n 150 model: wnr100v2) for port forwarding start port: 5900 end port: 5900 server name vnc, and set the ip address to my computer, and when I tried to screen share from another MacBook within my network through the finder>go>connect to server, I could not connect. Oddly when I connected my mobile me, I could screen share over the network. I want to do a WAN screen sharing and I cannot figure out how to do it. I would appreciate any help because it is very important that I enable this feature.

    I'm a little confused by your explanation (it's late), so I am going to say what I think I read:
    You want to set up your home computer so you can access it via screen sharing from school.
    The home computer needs sys prefs sharing screen sharing enabled, and sys prefs security firewall must allow it, too. You port forward port 5900 through your home router to that home computer, which may or may not require that you use a static "192.168.x.x" (or "10.x.x.x" -- whatever the router's LAN subnet is) LAN IP address on that computer -- some routers require that computers acting as servers have static IPAs -- some routers don't.
    You need to find out what is the public (internet-facing) WAN IP address that your ISP has assigned to your router; it is not the 192.168.x.x (or 10.x.x.x) address given to your home computer by your home router. You can find that by going to http://checkip.dyndns.com on your home computer. Unless you pay extra for a static public IP address from your ISP, ISPs may (and do) change it periodically on you without warning. So vnc://123.45.67.89 may work one day but not the next.
    Some routers have a built-in feature to work around this by allowing the router to advise dynamic DNS servers of any changes in the public-facing IP address of the router. Of course, you need to have established an account with a dynamic DNS provider so you have a host name (like lomberg.noip.com or lomberg.dyndns.com). These are generally free accounts unless you want a special name that doesn't have the dynamic DNS provider as part of your host name.
    If your router does not have this capability, these dynamic DNS providers have a piece of software that you will need to install on your home computer (the "VNC server") that reports changes in your public-facing IP address to their DNS servers.
    Once this is done, then from afar, you can ⌘k to vnc://lomberg.dyndns.com (or whatever you set up your host name to be with dyndns or equivalent outfit) and you don't need to worry about what your ISP has done to you with regards to your public-facing WAN IP address du jour.
    Note that with some (most?) routers, when you are on your home network, you will not be able to vnc to the host name or numeric WAN IPA in this manner. I don't know why it doesn't work, it just doesn't. I've had modems both ways -- my current ISP rental modem doesn't while the previous one (which broke so I had to replace it with my current POS modem) did. So in such case, you have to vnc://192.168.x.x of the "vnc server" computer when you are on the same LAN.
    You are aware that on the client (school) machine, screen sharing preferences can be set to encrypt all data on the connection, not just the username/password negotiation piece, right? I don't know whether that setting persists across sessions or only persists for the duration of the current session. I wouldn't want my client mouse/keyboard and "server" screen video to be transmitted in the clear; that's why I bring this up.
    Does that answer your question? Or did I totally misunderstand what you were asking?

  • IChat-initiated Screen Sharing across Internet

    For those of us supporting Aged Parental Units and their Macs, iChat Screensharing is the Killer App to end all killer apps. And when it doesn't work, it's really frustrating.
    One thing that makes iChat Screensharing preferable to Timbuktu or generic VNC shareware is that I don't have to walk the "computer illiterate" (can they retire that cute phrase in 2009?) through configuring port-mapping on his NAT router. "All" I have to do is talk the user through:
    1. getting an AIM i.d.
    2. configuring iChat to use that AIM i.d.
    3. finding System Preferences > Sharing, and enabling Screen Sharing
    +(have I forgotten anything?)+
    At that point I should be able to ask to share the other person's screen. The really big piece of magic, *contacting someone who is behind a NAT router*, is handled; I presume by some clever sleight-of-hand by the AOL server which the AIM client is logged into.
    Okay: I can't get it to work for my father. He's running 10.5.6. I can screen-share using the iChat interface when I'm on the same LAN as he, but not from outside.
    His firewall is off. His router is an Airport Extreme, to which he's connected by ethernet cable. The Airport Extreme configuration is about as vanilla as it gets.
    Can anyone spot something I've forgotten to do, or ask a followup, or suggest the next troubleshooting strategy?
    Thanks,
    Chap

    Hi,
    It is somewhat of a feature that Getting iChat to work depends on the devices used at each end.
    iChat has to be able to identify very clearly where it is in relation to the Internet for it to work/connect in Video and Audio chats.
    As far as we can tell Video and Audio chats will work if you Port Forward certain ports Or allow them via other methods such as Port Triggering, DMZ or UPnP.
    We know the ports through using Application like Little Snitch and also Apple have published them.
    For Tiger and Earlier http://support.apple.com/kb/HT1507?viewlocale=en_US
    For iChat 4 in Leopard http://support.apple.com/kb/HT2282?viewlocale=en_US
    What the second one does not tell you is that you need some of the Info from the first if using Bonjour or Jabber IDs as well as AIM.
    It also fails to say anything about the Screen Sharing.
    As I have said before the Testing that some of the Regular posters have done show that Screen Sharing seems to be a Random port, separate from the Audio component of that connection.
    As you will see from the two links the title includes the mention of NAT (Network Address Translation)
    Port Forwarding, Port Triggering and DMZ all rely heavily on NAT being done in the routing device.
    UPnP seems less reliant on NAT to get through any routing device.
    If you have a modem that routes it is likely that it is issuing IP addresses to the computers (DHCP)
    IF you then add a router that also does DHCP then the computers get two IPs (Although they can only display one)
    iChat can not cope with this.
    It is possible to get a router as well as a non routing modem to pass the Public IP to the computer which would exclude the need to open any ports (As they would All be open)
    An Base Station can be behind a Routing Modem and set to Not be a router (Just a wireless access point) which would also preclude the need to Set Port Mapping Protocol in it.
    We are in the land of "Ifs, Buts and Maybes" when we try and cover all the possibilities that people may have when dealing with a certain lack of information.
    7:23 PM Tuesday; December 30, 2008

  • Screen Sharing hangs after a few minutes idle

    I've enabled Screen Sharing on my Mac and am connecting from a Windows machine. I've tried connecting with TigerVNC, TightVNC, and TurboVNC clients, but after about 10 minutes of no activity, the screen hangs. I'm able to move the mouse pointer, but no screen updates are sent over to the client. Reconnecting works, but it's a nuisance to have to connect every ten minutes.
    Any help on how to debug this would be appreciated. I bought my machine a month ago and I have the latest updates installed. Both the Mac and the VNC client are on the same LAN switch.
    Thanks.
    - Amir

    You could try the Vine Server (a different VNC server).
    Vine Server (aka OSXvnc)
    <http://www.versiontracker.com/dyn/moreinfo/macosx/16699>
    Just make sure you either give the Vine Server a different port number (for example port 5901), or you turn off the Mac OS X Screen Sharing VNC server.

  • Screen Sharing using Back to my Mac

    I'm trying to use screen sharing for the first time between my 27" mid 2010 iMac and 15" MacBook Pro Retina late 2013 using both OSX 10.9.4 on a local network using Back to my Mac feature.  I enabled screen sharing and made sure Remote Management is disabled and also on firewall the screen sharing has allow incoming connections enabled.  I also have my Back to my Mac checked on my iCloud settings.
    And so I opened a Finder window on both computers, and the sidebars on each of the computers showed the shared devices.  So from my MacBook or iMac, I click on the device and then click on the Share Screen button, and a menu pops up asking me how I want to connect, either as a registered user or using an Apple ID.  I selected using an Apple ID and it automatically provided a drop-down showing my Apple ID, and I clicked Connect, but all I get is an error message saying "Authentication failed to iMac" or vice versa.
    What am I doing wrong?  Is there any other option for me to do screen sharing without using a third party app?  Please advise.  Any help or suggestions will be greatly appreciated.  Thank you.

    Thanks for your input. At home, I use a Time Capsule, with the absolute latest firmware, so it should be suitable.
    However, I might have problems with the setup? If I turn Back to my Mac off and on under iCloud settings, sometimes I get a message that I should enable NAT/UPnP. Checking the setup of the Time Capsule, the router is in Bridge mode (NAT off). If I try turning on NAT, I get an error in AirPort Utility about double NAT.
    Any advice on this?
