
The script I run to enable Remote Login and Remote Management has been the following:

#!/bin/sh

# enable remote management for ardadmin
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -activate -configure -clientopts -setmenuextra -menuextra no
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users adminuser -access -on -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -restart -agent -menu

#enable remote login for ardadmin
sudo /usr/sbin/systemsetup -setremotelogin on
sudo dseditgroup -o edit -a adminuser -t user com.apple.access_ssh

exit 0

We just upgraded many of our computers to macOS Ventura.  I've noticed with macOS Ventura that when trying to Control or Observe with Apple Remote Desktop newly provisioned macOS Ventura machines that it says to turn off and back on Remote Management.  I have tested turning it off via terminal command and back on but sometimes I get the following error:

Screen recording might be disabled. Screen Sharing or Remote Management must be enabled from System Settings or via MDM.
Screen control might be disabled. Screen Sharing or Remote Management must be enabled from System Settings or via MDM.

If I do it manually it works every time, but I need to do this remotely in most cases.

I was reading and found on Apple's website this article: https://support.apple.com/en-ca/HT209161.

In Jamf Pro I don't see anywhere that I can do this.  I can see in the computer record in the Management Tab a selection for Disable Remote Desktop but if I successfully do this it does not turn to Enable Remote Desktop.

Am I missing something?  Is there a surefire solution here?

You should be able to use the "Management" tab in the Jamf computer details to enable.  I've found that I may need to push the command a second time to trigger the update.  Hope this helps.


Thank you.  I had to try twice before it would show enable remote desktop.

 


Remote Management can no longer be enabled programmatically in macOS Mojave 10.14 and later.  Options other than "activate" can still be used with the ardkickstart utility however (i.e. which user has which permission can still be configured).  Once configured, Remote Management can be activated via MDM.

 

https://support.apple.com/en-us/HT201710 

 

Remote Management status is a searchable attribute so an example workflow might be to run a policy to enable Remote Management for the local administrator user created by the PreStage, then enable as needed, or create an Advanced Computer Search to identify devices with the service disabled, and then send the command to enable it.




Is the only way to do this one computer at a time?




You can apply this as an action remote command to a group so it can be applied to multiple computers at once.

 




Hi @dletkeman Do you have an example on how to automate this?




It’s been a while since I’ve looked, but if management commands can be sent via an API call, this should be scriptable. 

That being said, I’m not sure it’s much of a help. If a device is offline, it won’t respond to the command, or be available via ARD anyway. 

A workaround is to create a smart search of all devices where remote management is off, view the list and then use the Action button to send the command. Offline devices will receive the command when they come online. 




Thanks for the reply. 

Yeah, I figured we'd have to do something outside of JAMF.

Great tip about the smart group. We did that already, and that is the best we can come up with it seems. Thanks!




Glad you have a workable solution.  Although I'd use a smart search rather than a smart group.  Since you're not using the group for scoping, you're just expending extra cycles every time a device checks in.  A smart search accomplishes the same goal, but is less resource heavy server side.

 

Probably not an issue for a smaller deployment, but will add up with lots of groups and lots of devices.




You are correct! I misread your post there. I'll try the smart search. Thanks!


Just want to clarify - the kickstart script can still be used for settings/users - but the enable command needs to be run in Jamf to activate?




This can also be enabled via API, but as always, sending API commands via script is inherently risky as your API credentials must be provided in some manner.

/usr/bin/curl -su "${jamf_User}:${jamf_Pass}" "${jss_Url}/JSSResource/computercommands/command/EnableRemoteDesktop/id/${JAMF_ID}" -X POST
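
An added example, not part of the post above or of Jamf's own tooling: one way to send the same EnableRemoteDesktop request to several computer IDs while keeping the API credentials out of curl's argument list by feeding them through a config on stdin. The variable names JSS_URL, JAMF_USER, JAMF_PASS, DRY_RUN and the function names are assumptions; the endpoint is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: JSS_URL, JAMF_USER,
# JAMF_PASS, DRY_RUN and the three functions below.

# Build the Classic API URL shown in the post. Only numeric computer IDs are
# accepted, so an ID read from a file or search export cannot alter the path.
command_url() {
    case "$2" in
        ''|*[!0-9]*) echo "invalid computer id: $2" >&2; return 1 ;;
    esac
    printf '%s/JSSResource/computercommands/command/EnableRemoteDesktop/id/%s\n' "${1%/}" "$2"
}

# Emit a curl config meant for stdin (curl -K -). Credentials supplied this
# way do not show up in the process list the way "-u user:pass" does.
curl_config() {
    # Escape backslashes and double quotes for curl's quoted config syntax.
    esc=$(printf '%s' "$1:$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'user = "%s"\nrequest = "POST"\nsilent\nfail\n' "$esc"
}

# Send the command to every ID given; returns non-zero if any ID was invalid
# or any request failed. DRY_RUN=1 prints the requests instead of sending.
enable_ard() {
    rc=0
    for id in "$@"; do
        url=$(command_url "$JSS_URL" "$id") || { rc=1; continue; }
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "POST $url"
        elif ! curl_config "$JAMF_USER" "$JAMF_PASS" | curl -K - "$url" >/dev/null; then
            echo "failed: $id" >&2
            rc=1
        fi
    done
    return $rc
}
```

Source the file, set JSS_URL, JAMF_USER and JAMF_PASS from a prompt or a secrets store rather than hard-coding them, then call `enable_ard` with the IDs from the advanced search.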
