Remote Management - Restart and shut down

The System Preferences -> Remote Management is intended for use with the Apple Remote Desktop (ARD) paid application.

The common use for ARD is managing a classroom full of Macs, or a small business with a bunch of Macs.

Typically a generic consumers, use System Prefernces -> Screen Sharing.

Another approach is using ssh (a command issued from a Terminal session). The destination system must enable System Preferences -> Remote Login.

You would start a local Applications -> Utilities -> Terminal session. Then enter the ssh command:

ssh admin_username@destination_system_name_or_IP_address

password: xxxxxxxxxx

# ...the remote system should now been executing your commands...

sudo shutdown -h now # shutdown the remote system

password: the-remote-system-admin-account-password-you-logged-in-as

# -OR-

sudo shutdown -r now # reboot the remote system

password: the-remote-system-admin-account-password-you-logged-in-as

If you want to get into exchanging ssh-keygen keys from the remote system's 'root' account into your local account's ~/.ssh/authorized_keys, it would be possble to do the shutdown -h or shutdown -r commands as a one line command without entering a password

ssh root@destination_system_name_or_IP_address shutdown -h now # shutdown

# -OR-

ssh root@destination_system_name_or_IP_address shutdown -r now # reboot

The above ssh-keygen based ssh connections could even be put into an Automator workflow or Applescript so that they are double-clickable to execute (also dangerous is you accidentally invoke them).

I did notice that I can also connect using a free VNC viewer once the Remote Desktop is enabled (with the VNC password option). So once you get to the remote desktop, I guess you can alway shutdown / reboot, regardless of the "Restart and shutdown" setting.

Unless you have the Apple Remote Desktop application, which you can buy from Apple, there is no reason to enable System Preferences -> Remote Management. You are better off enabling System Preferences -> Screen Sharing if all you want to do is VNC via 3rd party VNC client, or use the Mac OS X built-in Screen Sharing client.

Using the built-in Screen Sharing client can be done by clicking on the remote host name in the Finder side-bar, or by using Finder -> Go -> Connect to server -> vnc://other_system.local (where the .local name can be seen in the other system's System Preferences -> Sharing -> Computer name field (read the text under the computer name), or you could use vnc://nn.nn.nn.nn address. Or from a Terminal session "open vnc://other_system.local". Or once you have started one Screen Sharing session, while it is running, control-click on the Screen Sharing icon on the Dock -> Options -> Keep in Dock, then just double click on the Dock icon when you want to start a screen sharing session. Or using iChat or Messages, initiate a Screen Sharing session that way. Finally, if you have iCloud Back-to-My-Mac enabled, this will put the remote system in your Finder side-bar even when you are away from home (assuming all the routers and such play nice).

Same goes for ssh access I guess, the explicit option for "Restart and shutdown" does not apply here, as even without this permission, users with remote login permissions will always be able to shutdown the system / reboot the system.

Yes, "IF" they login into an Admin account AND use sudo with the Admin account's password to elevate privileges so they can issue the shutdown command.

So is the "Restart and shutdown" option specific to ARD (meaning that some ARD users will see a restart / shutdown button while others won't) ?

Those System Preferences -> Remote Management option allow the client Mac to limit the extent to which it will allow ARD to remotely manage it.

Since I do not use ARD, I do not know what they will see. However, you should think of ARD as applying the same commands to multiple computers at one, not a one-on-one basis. That is to say at the end of a computer lab class, the instructor tells ARD, reset and restart all the Macs in the class. Or the instructor tells ARD to install the lastest update on all the Macs in the class. It is a way to easily manage multple Macs at once. I'm sure individual systems can be targeted, but that is not the primary utility of ARD. It is the "One Ring to Rule them All" approach that holds ARD's appeal.

And is there another CLI / Webservice based hook that integrators can use to perform a restart / shutdown, or is it limited to remote desktop / remote login / ARD ?

System Preferences -> Sharing -> Remote Apple Events "Maybe", however, I'm not sure how the remote user gets elevated privileges to shutdown/reboot the system via Remote Apple Events.

There are packages such as GoToMyPC, GoToAssist, TeamViewer.com, LogMeIn.com, and a bunch of other similar remote access utilities that can be used to manage a Mac remotely. Some are just alternatives to VNC, and some have their own back-channels for issuing commands, similar to what ARD does.

And of course any one that wants to write a networking daemon, install it on the remote systems, and then connect with the daemon over the network can have the daemon do whatever they want. If the integrator is autorized to do this to the remote system, it is a service. If not authorized it is called Malware :-)