User profile for user: stewart994
stewart994 Author
User level: Level 1
14 points

Remote sharing options turning on automatically

In Mac OS Sonoma under System settings / General / Sharing, there are three advanced sharing options: remote management, remote login and remote application scripting.


I'm the only person that uses my MacBook Pro 2018, and it's not part of a school or organization. It's a private Mac for personal usage. I'm the only user and the only administrator. I only ever log into my Mac directly from my Mac; I never log into it or access it remotely.


The default setting is to allow administrators remote to have remote access for all three of the advanced sharing options. But since I don't need or want remote access, I deleted the administrators remote access. But somehow the computer keeps reinstating the remote access for administrators all by itself. Why would it be doing that? And if the computer needs administrators to have remote access - which I don't understand because I'm the administrator and I don't need it - why permit a setting which purportedly deactivates remote access for administrators but then reinstates it without my involvement? This implies there is another administrator or that the computer overrides the setting the administrator chose, in which case why offer the setting. That's so illogical I can't imagine that the Apple engineers decided to include it, which makes me think it's a malicious actor.

Put differently, why allow a user to turn off access if it's going to be turned back on automatically by the system? It's just confusing / misleading. If it's not necessarily going to be turned back on automatically, then why does it happen on my computer? How do I know it's not someone else accessing my computer remotely masquerading as an administrator?


I've attached screenshots of the dialog box with administrators having access - the default option and the option the computer self-reverts to - and with administrators removed - the option I set it to because I don't need it.

MacBook Pro 13″, macOS 14.1

Posted on Nov 1, 2023 2:17 PM

Reply
5 replies
User profile for user: stewart994
stewart994 Author
User level: Level 1
14 points

Nov 2, 2023 4:52 PM in response to Barney-15E

Sure. Here are a few screen shots of what I described and some stuff I didn't mention. The dialog boxes with administrators appear normal. however as mentioned I've deleted the administrator remote access rights repeatedly and they keep reappearing. The other ones seem even less explainable as I didn't approve access rights for those or anyone. I keep my macbook in lockdown mode mostly, I'm the only one on my network aside form kids when they're here, I fully erase and reinstall Mac OS regularly using disk utility, erase assistant and recovery (average 1x per month), following the processes specified by Apple often with the hands on guidance of Apple support, I reset my router regularly (average 2x per month), and I do the same with my phones probably each 1x per 2 months. I've come to suspect that there is some sort of process going on at startup as certain options like loginwindow seem to be changing the power allocation at startup (I know this because I caught a glimpse of it, immediately went to spotlight to find it, and spotlight said it had paused indexing to allow that process to complete. I don't have a screenshot of that but I can probably generate one if it makes a difference. you can see however that when I search in settings for login window it indicates there is an option somewhere but I cannot make it reveal itself. I read that it's possible to hide and unhide users on the Mac. To unhide them best as I can tell you need their name which I don't know. I actually sent a long email after posting this to apple security describing about 10 things which are concerning. I'm not a computer person, but I am a logical person. And either there is a security issue, or the dialog boxes are extremely poorly written in many cases because they suggest that there is a security issue. There's not a consistent pattern with these "violations". So sometimes when I remove an access right it comes back in 5mins. Other times it's stable for a period of maybe a few weeks. Some application names keep reappearing. Like SMDB, sh key generator in the past. And then other times new ones come up like this ARDP that popped up in my firewall settings turned to green. I then changed him to red and he's remained like that for a day I think. I've copied the text of the email I sent to apple security below. . I actually dont' have much of anything to hide or protect from a hacker, I just feel very strongly about privacy. So I'm not clear what the motive would be. Sorry for all the reading. If you have any experience or feeling for whether this is an attack or merely a host of poor design issues which result in applications automating approvals which the interface strongly suggests are supposed to be in the control of the administrator, I'd be grateful to hear them.


Barney's a great name by the way. We share that in common.




Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,558 points

Nov 3, 2023 4:43 PM in response to stewart994

You showed screenshots of the application firewall advanced settings. You showed remote login is disabled.

You have added the ARDAgent to the exclusion list. Do you have ARD running on a server inside your LAN that you have configured to remotely manage your Mac?


You showed absolutely normal settings for smbd, AEServer, and Script Editor.

If you enable File Sharing and share out Desktop, Documents, or Downloads, smbd must have Full Disk Access to allow access to those folders. If you have File Sharing off, the setting is irrelevant.

AEServer allows applications to control other applications. Things like Automator and Shortcuts can use it, and other apps will use it to automate things for you. Script Editor is used to create and run AppleScript and Javascript tools.


I have no idea what you intend to show with a search of the System Settings.


For what it's worth, the Firewall is useless. I think it is there to make people feel good. Microsoft uses theirs to blame the customer when their weak security is exploited.

If you have your home (or office) network behind a NAT router, you have something more effective protecting your Mac from the internet. Nothing on the internet can see through your router into your Mac unless you poke a hole in your router.


Everything you see is completely normal and doesn't require any concern.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Remote sharing options turning on automatically

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up