11 Replies Latest reply: Dec 1, 2012 5:15 PM by Dark_Angel
LouIsFatAndSassy Level 1 Level 1 (15 points)

Hi all,


I'm a general user, not a server user, so I apologize in advance for my ignorance. Here are the specs:


Me: Mac Pro, 8 core, 10.6.8, wireless hookup via Comcast

Controlled computer: iMac, 10.7.1, no firewall, ethernet hookup via Comcast




My grandparents are 92 and 95 and they've been Mac users for a decade and a half -- that said, they're in their 90s so if an icon gets moved or something is downloaded to a different location, the wheels fall off the truck. For the past several months they've been out of communication because they can't remember their email password (it's more likely that they aren't noting that the password is Case Sensitive). Their old iMac was the orange bubble iMac, so it was time for a replacement. I bought a new basic iMac and am going to ship it to them (they live in another state), but first I wanted to set it up exactly as they'd need it. While I have it, I figure now would be the best to set up VPN where any time they have trouble I can tunnel in via VPN and take over their computer as an admin.


I can't figure it out, sadly.


I am fairly sure Apple Remote Desktop only works for people in the same network and that's all I can find while researching on the 'net. Would that work once I use VPN for someone 1,000 miles away? How do I set it up? What software would you recommend (it doesn't have to be free)?


Am I right to think the following?:


  • I download a VPN client to my computer.
  • I download a VPN server to their computer.
  • I turn all sharing on via System Preferences on theirs.
  • ????


How do I actually see and control their computer? How do I set up a user/pass to get in?


Note: Security is not an issue -- nothing they will do on this computer needs to be secure. It's web browsing, emailing, and Skype -- they don't have control of their own finances.


In a perfect world I can reset their passwords if they forget them, turn on some classical music while they're having dinner, change their background to pictures of their grandkids, do all of the system updates for them, and install new software that may help them.


MANY thanks to anyone who can help me figure this out!



  • 1. Re: Remote desktop OUTSIDE network
    gresmi Level 1 Level 1 (85 points)

    I'm actually trying to work this same problem out for myself.


    As a kluge, now that iCloud and Back To My Mac are free, I'd just sign up for an iCloud account and enter the same account on their computer and enable Back To My Mac. Then you'll at least bea able to easily use the built in screen sharing in Lion to log into their computers from anywhere.

  • 2. Re: Remote desktop OUTSIDE network
    LouIsFatAndSassy Level 1 Level 1 (15 points)

    Can you explain the process for iCloud and Back to My Mac?


    Do I need Lion on my desktop? I hope not because I'm still on 10.6.8 and not planning to upgrade soon.



  • 3. Re: Remote desktop OUTSIDE network
    gumsie Level 4 Level 4 (2,095 points)

    I second this request if you please. I'm pretty sure it's no but if I want an iPhone solution too, (keeping things in the family so to speak), I'll assume I'm out of luck?

  • 4. Re: Remote desktop OUTSIDE network
    LouIsFatAndSassy Level 1 Level 1 (15 points)

    I figured out a solution and hope it will help those looking for one.


    1) Download free (unless using for business purposes) TeamViewer and install the client on your viewing computer, the one you want to use to view the desktop of the other.

    2) Download free TeamViewer and install the server on your off-network computer. It's the same installer, but make the choice during install that "this will be the computer I want to view".

    3) I'm fairly sure that on the computer you want to view, you have to Apple -> System Preferences -> Sharing and turn on Screen Sharing (NOT RemoteManagement).

    4) When TeamViewer is opened on the computer you want to access, right click it and have it launch at login. This ensures you will always be able to get into this computer when it's on. Note: It will ask for the admin password at every login and it will always have a little window in the upper right so the user knows their computer is being viewed -- so don't try this for snooping.

    5) On the computer you want to access, set up a password for access that you'll type from your viewing computer. I believe this is done during install, but if not, I think it is found in Preferences -> Security.

    6) On the computer you want to access, write down the 9-digit code under "Your ID" and close (don't quit) the windows.

    7) Now any time you want to access the computer (and it's on) just launch TeamViewer on your viewing computer. You can control everything -- volume, installs, rebooting (unless there's a user/password to log in) the webcam, etc.


    I also found a solution on YouTube called Back to My Mac which is purportedly part of the Mac OS, but I couldn't get it to work and the videos referred to older OSes. Search for MacMost Now 334 and then watch MacMost Now 77.


    I hope this helps! Please let me know if it does, or if you find a better solution.

  • 5. Re: Remote desktop OUTSIDE network
    Dark_Angel Level 1 Level 1 (0 points)

    Sorry for the length...


    You actually can use ARD (Apple Remote Desktop) to Admin a computer from afar not connected to your network.  It does not require VPN or VNC access.  I do it all the time with a computer, also for my grandparents who are 81 & 83 years of age located in the Midwest...I live in California and access it about once a week when as you put it perfectly "the wheels fall off".


    The key issues that I ran into when setting up the connection that I use are the NAT tunneling that is needed due to the Router that my grandparents use to connect to the Internet and the DHCP which I had to modify in their router for the assignment of private IP addresses in their home.  Since the router is set up for DHCP (needed) I had to specifically set up and assign a specific internal IP address as a static address to their single computer while maintaining the rest of the assignments as dynamic DHCP for the reasons that follow.  My sister goes to visit them frequently with her laptop (WIFI connection) and I take my laptop (WIFI Connection) and other devices (also WIFI) with me and access the net when I visit (about once a year) with their network.


    The DHCP that the router uses to normally assigns internal IP's, does so on a first come first serve basis and creates issues where the IP address that ARD uses to access the client computer could potentially be assigned to another device if it connects to the network first before the client computer, or the client computer is assigned another IP address by the DHCP due to the routing table.  This causes some issues as in order to use ARD through a router to a client computer on another network you have to know the IP address for the connection (ISP assigned IP address) you are trying to enter through (often dynamic IP) and then you have to know the specific internal IP address for the computer on the network for NAT tunneling.


    In my case my grandparents luckily are on a static IP address assigned to them by their ISP so I only had to overcome the Router configuration issues.  There are however reporting services that are paid (usually inexpensive) which use a small program on the client computer to broadcast the IP address to the secure service which then keeps record of the current dynamic IP that the computer is on so that if it changes with the ISP, one only needs to log into the service to retrieve this current IP and then they can access the client computer with it after reconfiguration of ARD. (This is the first mountain to climb)


    The issue that often times these days is the second mountain that you have to climb is the DHCP and NAT tunneling.  This is in the client computers router configuration and is individual to each router manufacturer and model so I recommend consulting the manufacturers router manual on how to configure the router for NAT tunneling.  Not all routers can be set up for this, for instance my time capsule I have as a router behind a router configuration at my home to get full use of my 802.11N speeds for multiple devices that are capable of the N protocol will allow for this and the "Back to my Mac" service; which essentially does near to the same thing as ARD does, however my AT&T Uverse Gateway which is an 802.11G router...though quite sophisticated is actually not capable of the services needed to remote control the computer behind it as a client computer for “Back to my Mac” which is another reason I use the Time Capsule as a router behind the gateway.  It also gives me two separate private networks and a bit more security though can cause issues if not properly configured.


    These are the issues that I ran into when setting up the remote administration of my Grandparents computer and I have successfully maintained this remote access for over a year now with few issues.  (It still blows my grandparents mind that I can do this from California).  I do have to say that the router configuration was done with another party (my mother) being my eyes and ears in the Midwest while she was visiting them, though it was my configuration instructions that allowed her to set up the router configuration for NAT tunneling and single internal static IP configuration while maintaining DHCP for other devices (she's wouldn't know where to begin when it comes to router configurations and I have CCNA training).


    I hope this helps at least with the hurdles that need to be jumped in most remote network accesses using ARD and to assure people in need of this information or with questions regarding it that it can be done with the correct configuration and a router with the capabilities on the client side.


    Also in case anyone is wondering my grandparents have a Netgear router though I don’t endorse any one router or manufacturer.  The important thing here is the routers capabilities not the brand or model.


    Message was edited by: Dark_Angel

  • 6. Re: Remote desktop OUTSIDE network
    Sean Bravener Level 1 Level 1 (5 points)

    Another option that works great and that I use with my parents is logmein.  There is a free client that runs in the background and as long as the macs on, you can connect to it. You dono have to worry about nat or static ip's


    Hope this helps.



  • 7. Re: Remote desktop OUTSIDE network
    w00lie Level 1 Level 1 (0 points)

    Also, iChat has an option to take control of another machine, did this with a new mac user to set his machine up and show him round. They do have to have either a MobileMe or yahoo email account tho i think.

  • 8. Re: Remote desktop OUTSIDE network
    louiexiv Level 1 Level 1 (0 points)



    How many licenses did you need to use ARD to administer your folks' computer?  Was one for you enough, or did you need to buy one for you and a second for their computer?

  • 9. Re: Remote desktop OUTSIDE network
    Dark_Angel Level 1 Level 1 (0 points)

    Hi LouieXIV,


    Apple used to sell ARD in two varieties one with a 5 computer license version which is all I needed this allowed me to admin up to 5 computers and the other was an unlimited license for commercial use.  Since Apple went to the APP Store now it's a single license that allows unlimited control of other computers however since this is the admin software that you are buying it does allow you to use it on all the computers you use or control and now allows unlimited computers under your control via the software.  I hope that is clear...in essence you only need the one copy of the software on the computer you will admin from and the software that you need to control other Macs is built right into OSX.  You just need the software to interface with it which is currently as of this post $79.99 via the Apple APP Store.


    Since my original post I have moved and have set up my friends computer which I used to admin directly at the time hands on to be able to do it remotely now, so I'm now admining two separate computers.  The trick to making this work is knowing their IP address.  In the case of my grandparents computer it's a static IP and though it has a firewall I have set it up for tunneling in their router.  My friends computer on the other hand is dynamic IP and in order for me to access it each time I have to get the IP address from him each time I need to access it.  This isn't an issue in this case because he knows where to get it from however if it was there are IP reporting services that allow for the computer to report it's IP to each time it changes so that it's always up to date on the service.  You can then log into the service to get the IP address that the computer is currently on and log in that way without the user having to retrieve it each time.


    Hope this helps and answers your questions and give you a little more insite into how I use ARD.



  • 10. Re: Remote desktop OUTSIDE network
    louiexiv Level 1 Level 1 (0 points)

    Exactly what I needed to know.  Thanks!

  • 11. Re: Remote desktop OUTSIDE network
    Dark_Angel Level 1 Level 1 (0 points)

    You are most welcome!